W3C home > Mailing lists > Public > www-talk@w3.org > January to February 2009

Re: Origin vs Authority; use of HTTPS (draft-nottingham-site-meta-01)

From: Eran Hammer-Lahav <eran@hueniverse.com>
Date: Wed, 11 Feb 2009 12:55:25 -0700
To: Adam Barth <w3c@adambarth.com>
CC: "www-talk@w3.org" <www-talk@w3.org>
Message-ID: <C5B86D2D.1273A%eran@hueniverse.com>
I don't care of this level of pedantry which is why I don't want to use terms that people have a problem agreeing what it means.

There is nothing incorrect about: GET mailto:joe@example.com HTTP/1.1

It might look funny to most people but it is perfectly valid. The protocol is HTTP, the scheme is mailto. HTTP can talk about any URI, not just http URIs. Since this is about *how* /host-meta is obtained, it should talk about protocol, not scheme.


On 2/11/09 10:18 AM, "Adam Barth" <w3c@adambarth.com> wrote:

On Tue, Feb 10, 2009 at 11:37 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
> First, scheme is incorrect here as the scheme does not always determine a specific protocol
> (see 'http' is not just for HTTP saga).

I don't understand this level of pedantry, but if you want host-meta
to be usable by Web browsers, you should use the algorithm in
draft-abarth-origin to compute its scope from its URL.  Any deviations
from this algorithm will introduce cracks in the browser's security

Received on Wednesday, 11 February 2009 19:56:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:33:07 UTC