Re: Some more thoughts on Alt-Svc-SNI

That makes sense to me.  It also covers the case that Lutz spoke in support of; essentually using a subdomain of the origin to pass a token to the alternate service in the SNI.  A number of us are interested in that use case.

Apologies for the background noise on the call.  I dropped off so as to not let it be disruptive

Lou


On July 17, 2018 5:41:10 PM EDT, Eric Rescorla <ekr@rtfm.com> wrote:
>Was talking to DKG in the hallway and he pointed out that Alt-Svc-SNI
>works
>well for the use case where you have a cert that is valid both for the
>original domain (the one you looked up) and the replacement domain (the
>one
>in the SNI). For instance, you want to reach a.example.com and the
>server
>has a cert for *.example.com. This would also have the advantage that
>you
>didn't need to change the Alt-Svc semantics at all.
>
>Maybe it would make sense to re-scope to that case?
>
>-Ekr

-- 
Lou Steinberg 
Managing Partner 
CTM Insights, llc

Sent from my phone while not driving. Please excuse typos and brevity.

Received on Tuesday, 17 July 2018 21:55:40 UTC