Re: Indicating Chosen Service #443 from Erik Nygren on 2014-04-25 (ietf-http-wg@w3.org from April to June 2014)

From: Erik Nygren <erik@nygren.org>
Date: Fri, 25 Apr 2014 14:08:49 -0400
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAKC-DJi=n9TXYLjXydK148HG4Lsqrx3_piasMyh+wd-u+iX17A@mail.gmail.com>

On Fri, Apr 25, 2014 at 2:05 PM, Martin Thomson <martin.thomson@gmail.com>wrote:

> That's the extreme option.  I'm thinking that we might just be able to
> scrub the expiry time and maybe even allow the first domain component
> to be replaced with '*', so that wildcard certificate owners are
> unable to use 'somehighentropylabel.example.com' as their ALTSVC in
> the interests of tracking.  I need to think about that last one a
> little more, it might be that it's overkill.
>

Given that the ALTSVC name isn't associated with the cert name, the
highentropylabel could exist across multiple labels.  There are also
legitimate uses for wanting to know the first domain component (eg, if it
is routing information or the name of the server cluster the user was sent
to).

Received on Friday, 25 April 2014 18:09:16 UTC