Re: 2.2. Interaction with "https" URIs | Re: Op-sec simplification from Martin Thomson on 2016-11-05 (ietf-http-wg@w3.org from October to December 2016)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Sun, 6 Nov 2016 08:51:10 +1100
To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Cc: Erik Nygren <erik@nygren.org>, HTTP working group mailing list <ietf-http-wg@w3.org>
Message-ID: <CABkgnnWWMuf5kXE4T8xTqfKPhpTymS6mMr3Q_RtdnDSsfnUDHQ@mail.gmail.com>

On 4 November 2016 at 15:23, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> Only one origin per connection ("dedicated-connection") is
> better to use some other mechanism because that look
> someting which is not limited to Opportunistic HTTP Security.
> It looks like something which is wanted also for "https".


Yeah, I'm wondering if this isn't a) enough for this mixed scheme
concern, and b) enough for the origin frame.

Received on Saturday, 5 November 2016 21:51:42 UTC