Re: non authenticated alternate services (was Re: AD review of draft-ietf-httpbis-alt-svc-10) from Mark Nottingham on 2016-01-18 (ietf-http-wg@w3.org from January to March 2016)

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 19 Jan 2016 10:15:21 +1100
To: Patrick McManus <pmcmanus@mozilla.com>
Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Mike Bishop <Michael.Bishop@microsoft.com>, Barry Leiba <barryleiba@computer.org>, "Julian F. Reschke" <julian.reschke@gmx.de>, "draft-ietf-httpbis-alt-svc@ietf.org" <draft-ietf-httpbis-alt-svc@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <387074BE-A612-4E8E-BCE8-DE45080BE72D@mnot.net>

> On 19 Jan 2016, at 7:32 am, Patrick McManus <pmcmanus@mozilla.com> wrote:
> 
>> If the phrase "strong authentication" is making this hard to understand, we might use something else (e.g., "have reasonable assurances that the alternative service is under control of the origin").
> 
> that's better. maybe tweak with the "valid for the whole origin" concept? That would certainly include both valid cert as well as the .wk approach.. 

WFM. I'll update the branch.

--
Mark Nottingham   https://www.mnot.net/

Received on Monday, 18 January 2016 23:15:53 UTC