- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 17 Mar 2016 10:02:17 +1100
- To: Daniel Stenberg <daniel@haxx.se>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
> On 16 Mar 2016, at 10:17 PM, Daniel Stenberg <daniel@haxx.se> wrote: > > Heya HTTP peeps! > > Input "HTTPS://example.com./". A URI using a hostname with a trailing dot. How to behave? > > 1. RFC 6066 section 3 says the hostname in SNI string should be sent "without a trailing dot" > > 2. RFC 7230 secion 5.4 says about Host: "MUST send a field-value for Host that is identical to that authority component" - which then would include the trailing dot. > > Following these specs, we should send different names in SNI vs Host when a trailing dot is used. I don't like that as I suspect HTTPS servers will use the SNI field to serve contents They shouldn't be doing that (if indeed they do); SNI is only for selecting the certificate, not anything to do with what happens inside HTTP. Cheers, -- Mark Nottingham https://www.mnot.net/
Received on Wednesday, 16 March 2016 23:02:46 UTC