- From: Patrick McManus <pmcmanus@mozilla.com>
- Date: Fri, 2 Jan 2015 07:45:06 -0500
- To: Aeris <aeris@imirhil.fr>
- Cc: Ryan Hamilton <rch@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
Received on Friday, 2 January 2015 12:45:29 UTC
Hi Aeris, As you've discussed with Ryan and Adam (on spdy-dev) I don't really think there is a problem with the specification here - it requires that the connection be considered authoritative for the request. Neither Firefox nor Chrome support TLSA so the h2 stacks don't consider it in the authoritative determination. In each case an extension can provide some of that functionality - but as in this case it appears that the extension, and likely the extension framework too, aren't quite up to date. I'm happy to work with you in the mozilla bug tracker or network mailing lists to close the gap in the best way for your extension. -Patrick On Thu, Jan 1, 2015 at 7:53 AM, Aeris <aeris@imirhil.fr> wrote: > > Chrome does not support TLSA so I'm not sure how the current Chrome SPDY > > implementation could be breaking TLSA. > > As for Firefox, TLSA support is currently provided by a plugin on Chrome : > https://www.dnssec-validator.cz/ > > https://chrome.google.com/webstore/detail/tlsa-validator/gmgeefghnadlmkpbjfamblomkoknhjga > > Regards, > -- > Aeris > > Protect your privacy, encrypt your communications > GPG : EFB74277 ECE4E222 > OTR : 5769616D 2D3DAC72 > https://café-vie-privée.fr/ <https://xn--caf-vie-prive-dhbj.fr/> >
Received on Friday, 2 January 2015 12:45:29 UTC