
Please don't re-write TLS (Was: HTTP/2.0 -04 candidate)

From: Yoav Nir <ynir@checkpoint.com>
Date: Wed, 3 Jul 2013 07:33:06 +0000
To: "Ludin, Stephen" <sludin@akamai.com>
CC: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <96B70212-219D-417D-ACB3-1B9169DE64C6@checkpoint.com>

On Jul 3, 2013, at 3:02 AM, "Ludin, Stephen" <sludin@akamai.com> wrote:

> Here is an idea to chew on.  It has been discussed before, but if there
> was a concept of returning multiple certs in the ServerHello which
> indicate other common names the origin is authorized to serve it might
> provide a path forward to serving related content from those domains.  For
> example, if the origin serves an html response on domain1.com which has
> references to objects on otherdomain.com AND the origin has a valid
> certificate for otherdomain.com it has a mechanism to 'prove' to the
> client that it is authorized to push that content.
> At this point I am rewriting TLS as well as getting far from the original
> subject.  Probably best to continue in a fresh thread if there is interest.

Hi Stephen.

This is authorization at the HTTP level. I don't think this should go in TLS just because TLS has a mechanism for showing certificates. Also if you do want it to go in TLS, there's an RFC for that: http://tools.ietf.org/html/rfc5878 . This allows for sending arbitrary authorization information.

Alternatively, you could add this in HTTP as a header or as a new frame type.

Received on Wednesday, 3 July 2013 07:33:44 UTC
