- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 25 Apr 2014 11:40:35 -0700
- To: Erik Nygren <erik@nygren.org>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 25 April 2014 11:08, Erik Nygren <erik@nygren.org> wrote: > Given that the ALTSVC name isn't associated with the cert name, the > highentropylabel could exist across multiple labels. There are also > legitimate uses for wanting to know the first domain component (eg, if it is > routing information or the name of the server cluster the user was sent to). Yes, I thought of that, but there are practical limits to what can be done for labels that can't be covered by a wildcard. It's certainly imperfect. Perhaps the best thing to do is provide security (privacy) considerations on the matter. I think that we can safely scrub the expiration time. I think that ideally, I'd like to make the indicator optional. What are the consequences for you if some clients follow ALTSVC but don't provide an indicator?
Received on Friday, 25 April 2014 18:41:03 UTC