W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: #492: Alt-Svc header host restriction

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 4 Jun 2014 09:33:27 -0700
Message-ID: <CABkgnnUM3rw8DYwZt=spKZtAY5yPpM99Ksrh3qV9=v4NqKPu1g@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Jun 4, 2014 9:15 AM, "Mark Nottingham" <mnot@mnot.net> wrote:
> When we were originally working on Alt-Svc, Patrick and I put a
restriction on the Alt-Svc header field so that it couldn’t redirect
clients to a different host.
> Since then, several people have pointed out that the requirement to have
strong server authentication, as well as cache flushing, seems to contain
the risk associated with doing this, and that the facility could be quite

This sounds fine.

I think that this restriction still belongs in the -encryption draft.
Received on Wednesday, 4 June 2014 16:33:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC