Re: #492: Alt-Svc header host restriction

From: Ryan Hamilton <rch@google.com>
Date: Wed, 4 Jun 2014 12:10:35 -0700
Message-ID: <CAJ_4DfRxnVJg9845woOXwwtzdqqE2YCodJsdxGfDBHQmsBoKNQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>

On Wed, Jun 4, 2014 at 9:33 AM, Martin Thomson <martin.thomson@gmail.com> wrote:

>
> On Jun 4, 2014 9:15 AM, "Mark Nottingham" <mnot@mnot.net> wrote:
> >
> > When we were originally working on Alt-Svc, Patrick and I put a
> > restriction on the Alt-Svc header field so that it couldn’t redirect
> > clients to a different host.
> >
> > Since then, several people have pointed out that the requirement to have
> > strong server authentication, as well as cache flushing, seems to contain
> > the risk associated with doing this, and that the facility could be quite
> > useful.
>
> This sounds fine.
>
> I think that this restriction still belongs in the -encryption draft.
>

This also sounds good to me.
In Chrome, we've had a number of different discussions about wanting to
do basically this. If the Alt-Svc header supported this functionality, that
would be awesome.

Received on Wednesday, 4 June 2014 19:11:02 UTC
