- From: Kyle Rose <krose@krose.org>
- Date: Mon, 11 Jan 2016 11:05:04 -0500
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Hervé Ruellan <herve.ruellan@crf.canon.fr>, HTTP Working Group <ietf-http-wg@w3.org>
> I just noticed that I failed to reply to this. The proposed change is to > replace > > "Clients MUST NOT use alternative services with a host that is different > from the origin's without strong server authentication; ...." > > by > > "Clients MUST NOT use an alternative service with a host that is different > than the origin's without strong server authentication linking the > alternative service with the origin's identity. ..." > > My remaining concern is that "...linking the alternative service with the > origin's identity..." might not sufficiently precise for a normative > requirement. More feedback appreciated. How about "Clients MUST NOT use an alternative service with a host that is different from the origin's without strong server authentication of the alternative service declaration"? Kyle
Received on Monday, 11 January 2016 16:05:39 UTC