Re: [whatwg/fetch] Update Fetch to support Token Binding. (#325)

annevk commented on this pull request.



> @@ -1421,6 +1473,18 @@ for each associated <a for="fetch group">fetch record</a> whose
   <p>Let <var>connection</var> be the result of establishing an HTTP connection to
   <var>origin</var>. [[!HTTP]] [[!HTTP-SEMANTICS]] [[!HTTP-COND]] [[!HTTP-CACHING]] [[!HTTP-AUTH]] [[!TLS]]
 
+  <p>If <var>credentials</var> is true and if the user agent supports
+  <a for=/>Token Binding</a>, propose the use of <a for=/>Token Binding</a>
+  while setting up the TLS connection, as described in
+  <a href="https://tools.ietf.org/html/draft-ietf-tokbind-negotiation#section-2">section 2</a>
+  of the Token Binding Negotiation spec [[!TOKBIND-NEGOTIATION]].
+  If Token Binding Negotiation succeeds, update
+  TLS connection metadata with the parameters of the result of the negotiation.
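
Review bot: the last added sentence ("update TLS connection metadata with the parameters of the result of the negotiation") uses "TLS connection metadata" as plain text, with no link or definition visible in this hunk, and does not say which negotiated parameters are recorded. Suggest linking the term to a definition and naming the stored values. The paragraph also covers only the "If Token Binding Negotiation succeeds" case, so it would help to state what the connection setup does when negotiation does not succeed. Minor wording: "If <var>credentials</var> is true and if the user agent supports" reads more cleanly without the second "if".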

It seems hard to get it properly defined as that would require changes to TLS itself too, so somewhat handwavy is probably the only way to go for now.

I do wonder though if we bind things to the connection, if that means we need to change the way we select a connection. It seems the connection in question shouldn't be reused by browsing contexts / service workers.

Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/325#discussion_r104139324

Received on Friday, 3 March 2017 11:55:19 UTC