W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: SNI vs Host: and a trailing dot

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 17 Mar 2016 10:02:17 +1100
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <196FD360-00FF-4F45-AC8B-E6E85B6B5C4C@mnot.net>
To: Daniel Stenberg <daniel@haxx.se>

> On 16 Mar 2016, at 10:17 PM, Daniel Stenberg <daniel@haxx.se> wrote:
> Heya HTTP peeps!
> Input "HTTPS://example.com./". A URI using a hostname with a trailing dot. How to behave?
> 1. RFC 6066 section 3 says the hostname in SNI string should be sent "without a trailing dot"
> 2. RFC 7230 secion 5.4 says about Host: "MUST send a field-value for Host that is identical to that authority component" - which then would include the trailing dot.
> Following these specs, we should send different names in SNI vs Host when a trailing dot is used. I don't like that as I suspect HTTPS servers will use the SNI field to serve contents

They shouldn't be doing that (if indeed they do); SNI is only for selecting the certificate, not anything to do with what happens inside HTTP.


Mark Nottingham   https://www.mnot.net/
Received on Wednesday, 16 March 2016 23:02:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC