- From: Erik Nygren <erik@nygren.org>
- Date: Fri, 25 Apr 2014 15:00:32 -0400
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Received on Friday, 25 April 2014 19:00:59 UTC
Consequences of not getting the indicator: 1) We'd likely return another ALTSVC response immediately under some/many circumstances 2) Some parts of load reporting and load balancing become harder On Fri, Apr 25, 2014 at 2:40 PM, Martin Thomson <martin.thomson@gmail.com>wrote: > On 25 April 2014 11:08, Erik Nygren <erik@nygren.org> wrote: > > Given that the ALTSVC name isn't associated with the cert name, the > > highentropylabel could exist across multiple labels. There are also > > legitimate uses for wanting to know the first domain component (eg, if > it is > > routing information or the name of the server cluster the user was sent > to). > > Yes, I thought of that, but there are practical limits to what can be > done for labels that can't be covered by a wildcard. It's certainly > imperfect. > > Perhaps the best thing to do is provide security (privacy) > considerations on the matter. I think that we can safely scrub the > expiration time. > > I think that ideally, I'd like to make the indicator optional. What > are the consequences for you if some clients follow ALTSVC but don't > provide an indicator? >
Received on Friday, 25 April 2014 19:00:59 UTC