W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

160 Re: draft-ietf-httpbis-http2-encryption-04

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 18 Mar 2016 13:14:27 +1100
Message-ID: <CABkgnnVkhq6-4FJyWrt2JMKJk1h5biLhe72QztWJd798qQwtHA@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, HTTP working group mailing list <ietf-http-wg@w3.org>, Mike Bishop <Michael.Bishop@microsoft.com>
On 18 March 2016 at 12:19, Mark Nottingham <mnot@mnot.net> wrote:
>> There should be possible to give "commit" for authenticated alternatives
>> WITHOUT giving also reasonable assurances for non-authenticated alternatives
>> (on same host that origin).
>>
>> /.well-known/http-opportunistic SHOULD include separate indication
>> that for reasonable assurances. My suggestion for that parameter is same than
>> for "Attacks from the same host".
>
> Raised as <https://github.com/httpwg/http-extensions/issues/160>. Please discuss.

HI Kari,

I'm having a lot of trouble parsing your request.  I don't know
exactly what you are asking for.

Do you want "commit" and "reasonable assurances" to be separable?  I
don't think that it is possible to process "commit" without first
processing (and passing) the "reasonable assurances" test.  We could
spell this out.

--Martin
Received on Friday, 18 March 2016 02:14:58 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC