W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Re: 2.2. Interaction with "https" URIs | Re: Op-sec simplification

From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Date: Thu, 10 Nov 2016 07:07:15 +0200 (EET)
Message-Id: <201611100507.uAA57Fxu002120@shell.siilo.fmi.fi>
To: Martin Thomson <martin.thomson@gmail.com>
CC: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, Erik Nygren <erik@nygren.org>, HTTP working group mailing list <ietf-http-wg@w3.org>
[ was
  To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
  cc: Erik Nygren <erik@nygren.org>, 
                HTTP working group mailing list <ietf-http-wg@w3.org>
]

Martin Thomson <martin.thomson@gmail.com>: (Sat Nov  5 23:51:10 2016)
> On 4 November 2016 at 15:23, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> > Only one origin per connection ("dedicated-connection") is
> > better to use some other mechanism because that look
> > someting which is not limited to Opportunistic HTTP Security.
> > It looks like something which is wanted also for "https".
> 
> 
> Yeah, I'm wondering if this isn't a) enough for this mixed scheme
> concern, and b) enough for the origin frame.

I do not know.

If that does not is like:

« We can't support/use "Opportunistic HTTP Security"
  because concern XXX. Resolution of concern XXX
  requires support of "other mechanism" (not on
  "Opportunistic HTTP Security") and if our client
  supports "Opportunistic HTTP Security" 
  that is no indication support of "other mechanism". »

I'm also just wondering.

/ Kari Hurtta
Received on Thursday, 10 November 2016 05:07:59 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 10 November 2016 05:08:04 UTC