W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Indicating Chosen Service #443

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 25 Apr 2014 11:05:19 -0700
Message-ID: <CABkgnnVFCUUL_c1H-=Zqn3SxfuYoPGfs7zh3bFSO4oRV6VmAdA@mail.gmail.com>
To: Erik Nygren <erik@nygren.org>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 25 April 2014 10:42, Erik Nygren <erik@nygren.org> wrote:
> particularly concerned clients could ignore the ALTSVC sent by the server.

That's the extreme option.  I'm thinking that we might just be able to
scrub the expiry time and maybe even allow the first domain component
to be replaced with '*', so that wildcard certificate owners are
unable to use 'somehighentropylabel.example.com' as their ALTSVC in
the interests of tracking.  I need to think about that last one a
little more, it might be that it's overkill.
Received on Friday, 25 April 2014 18:05:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC