W3C home > Mailing lists > Public > www-talk@w3.org > January to February 2009

Re: Origin vs Authority; use of HTTPS (draft-nottingham-site-meta-01)

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 11 Feb 2009 14:58:48 -0800
Message-ID: <7789133a0902111458i2ead255eiae4cd2f5781cefa6@mail.gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Cc: "www-talk@w3.org" <www-talk@w3.org>

On Wed, Feb 11, 2009 at 2:44 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
> You got this backwards.

Ah.  Thanks for this response.  I understand the situation much better now.

Let me see if I understand this correctly for the case of the https scheme.

1. You want to find out more about example.com on port 443 speaking
HTTP-over-TLS.
2. You want to find out more about https://example.com/resource/1 (and
care about the HTTP-over-TLS representation).

In both cases, you will do (wrapped in a TLS session):

GET /host-meta HTTP/1.1
Host: example.com:443

Your point is that a Web browser would never want to find out more
about https://example.com/resource/1 and care about the HTTP
representation (it would always be interested in the HTTP-over-TLS
representation).

Thanks,
Adam
Received on Wednesday, 11 February 2009 22:59:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:30 GMT