W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

#492: Alt-Svc header host restriction

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 4 Jun 2014 12:11:46 -0400
Message-Id: <36F3B07D-7CE6-44F7-9B82-14470A774B0A@mnot.net>
To: HTTP Working Group <ietf-http-wg@w3.org>

When we were originally working on Alt-Svc, Patrick and I put a restriction on the Alt-Svc header field so that it couldnít redirect clients to a different host.

Since then, several people have pointed out that the requirement to have strong server authentication, as well as cache flushing, seems to contain the risk associated with doing this, and that the facility could be quite useful.

So, Iím suggesting we (re-) add the capability to the header.

[ Iíve opened <https://github.com/http2/http2-spec/issues/492> for this ]

Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 4 June 2014 16:12:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC