- From: Mark Nottingham <mnot@mnot.net>
- Date: Sun, 17 Jul 2011 11:33:52 +1000
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Cc: Henrik Nordström <henrik@henriknordstrom.net>, Lisa Dusseault <lisa.dusseault@gmail.com>

<http://trac.tools.ietf.org/wg/httpbis/trac/ticket/100>

We've had this ticket open for a while now. Relevant text in our current draft:

<http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-15#section-11.4>

AIUI DNS pinning is no longer considered an adequate defence against rebinding, and the current advice is for servers to verify the Host header.

If that's correct, I think we can close this issue with no change. Thoughts?

We should also probably circulate with some security folk.

--
Mark Nottingham http://www.mnot.net/

Received on Sunday, 17 July 2011 01:34:29 UTC
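
The Host check referred to in the message above, sketched as an added example that is not part of the original message or of the httpbis draft: a server accepts a request only when its single Host field names an origin the server actually serves. `ALLOWED_HOSTS`, `parse_host` and `host_is_allowed` are hypothetical names, and the host values are constructed for illustration.

```python
from typing import Iterable, Optional, Set, Tuple

# Assumption: the (host, port) pairs this server answers for (constructed values).
ALLOWED_HOSTS: Set[Tuple[str, int]] = {
    ("intranet.example", 80),
    ("192.0.2.10", 80),
    ("[2001:db8::10]", 80),
}
DEFAULT_PORT = 80  # assumption: plain-HTTP listener


def parse_host(value: str) -> Optional[Tuple[str, int]]:
    """Split a Host field value into (normalised host, port); None if malformed."""
    value = value.strip()
    if not value or any(c in value for c in " \t/@,"):
        return None
    if value.startswith("["):              # IPv6 literal: [addr] or [addr]:port
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[: end + 1], value[end + 1:]
        if rest and not rest.startswith(":"):
            return None
        port = rest[1:]
    else:
        host, _, port = value.partition(":")
    if port and not (port.isascii() and port.isdigit()):
        return None
    number = int(port) if port else DEFAULT_PORT
    host = host.rstrip(".").lower()        # names compare case-insensitively
    if not host or not 0 < number < 65536:
        return None
    return host, number


def host_is_allowed(host_values: Iterable[str],
                    allowed: Set[Tuple[str, int]] = ALLOWED_HOSTS) -> bool:
    """True only for exactly one Host field whose value names this server."""
    values = list(host_values)
    if len(values) != 1:                   # missing or duplicated Host field
        return False
    parsed = parse_host(values[0])
    return parsed is not None and parsed in allowed
```

With rebinding, the request reaches the server's address but still carries the name the browser resolved, so a value such as `attacker.example` fails the check even though the connection itself looks local.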