- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 22 May 2014 12:56:09 +1000
- To: "William Chan (陈智昌)" <willchan@chromium.org>
- Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>

On 22 May 2014, at 10:25 am, William Chan (陈智昌) <willchan@chromium.org> wrote:

> I've skimmed the draft in more detail now and have nits:
>
> * Grammar in section 6.3. - "A browser client MUST clear persisted all alternative service information when clearing other origin-based state (i.e., cookies).”

Fixed in-repo, thanks.

> * Please consistently use "alternative services" instead of "alternate services”.

Dang, missed one.

>
> I don't feel very strongly, but I am not sure where the times for the operational considerations are coming from. IIRC, HSTS and HPKP use much longer max-ages. Why does this draft suggest capping at 1 month?

Martin?

>
> Cheers.
>
>
> On Mon, May 19, 2014 at 8:59 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> On 19 May 2014 20:42, Mark Nottingham <mnot@mnot.net> wrote:
> > FYI - Martin went away and did some substantial revision of this draft, and is now an author.
>
> The changes incorporate a draft you might have seen, but I didn't
> announce. The main innovation here is a way to make the whole thing
> sticky in an effort to reduce the opportunity for downgrade attack.
> Pretty standard stuff, but included as a bit of a thought experiment
> as well as a bit of a test to see what people think.
>
>

--
Mark Nottingham http://www.mnot.net/

Received on Thursday, 22 May 2014 02:56:38 UTC