- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 1 Jun 2016 11:10:26 +1000
- To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
What do other folks think? > On 1 Jun 2016, at 8:31 AM, Erik Nygren <erik@nygren.org> wrote: > > Filed for the opp-sec draft where this is most relevant: > > https://github.com/httpwg/http-extensions/issues/188 > > In particular, mixing of secure and insecure schemes should require server-side opt-in over a strongly authenticated channel. (eg, an attribute of /.well-known/http-opportunistic with properties similar to "commit" as for where it can be set). > > Erik > > > At the least, we should warn about the issues that might be encountered. Servers can then choose not to advertise services like this, and clients can choose not to consume them. -- Mark Nottingham https://www.mnot.net/
Received on Wednesday, 1 June 2016 01:10:52 UTC