Re: Op-sec simplification

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 31 Oct 2016 20:57:56 +1100
Message-ID: <CABkgnnXMdXBcJU+t_cF1n9MRApSd5wfiWjMKEqO+wwkVp43BJw@mail.gmail.com>
To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Cc: HTTP working group mailing list <ietf-http-wg@w3.org>

On 31 October 2016 at 16:32, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> Hmm. Reading it from original and from the secured server
> gives little more verify that they really are giving same answers.

Yes, but as I observed, we're never truly certain; there's always a
pathological case where a client can be convinced of the server being
right when it is in fact wrong.  Asking both sides only adds to the
complexity of the solution.

> | GET http://www.example.com/.well-known/http-opportunistic HTTP/1.1
> | Host: www.example.com

Yes, thanks for pointing that out.  Fixed.

Received on Monday, 31 October 2016 09:58:28 UTC