Re: #492: Alt-Svc header host restriction

On Jun 4, 2014 9:15 AM, "Mark Nottingham" <mnot@mnot.net> wrote:
>
> When we were originally working on Alt-Svc, Patrick and I put a
restriction on the Alt-Svc header field so that it couldn’t redirect
clients to a different host.
>
> Since then, several people have pointed out that the requirement to have
strong server authentication, as well as cache flushing, seems to contain
the risk associated with doing this, and that the facility could be quite
useful.

This sounds fine.

I think that this restriction still belongs in the -encryption draft.

Received on Wednesday, 4 June 2014 16:33:54 UTC