- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 18 Mar 2016 13:14:27 +1100
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, HTTP working group mailing list <ietf-http-wg@w3.org>, Mike Bishop <Michael.Bishop@microsoft.com>
On 18 March 2016 at 12:19, Mark Nottingham <mnot@mnot.net> wrote: >> There should be possible to give "commit" for authenticated alternatives >> WITHOUT giving also reasonable assurances for non-authenticated alternatives >> (on same host that origin). >> >> /.well-known/http-opportunistic SHOULD include separate indication >> that for reasonable assurances. My suggestion for that parameter is same than >> for "Attacks from the same host". > > Raised as <https://github.com/httpwg/http-extensions/issues/160>. Please discuss. HI Kari, I'm having a lot of trouble parsing your request. I don't know exactly what you are asking for. Do you want "commit" and "reasonable assurances" to be separable? I don't think that it is possible to process "commit" without first processing (and passing) the "reasonable assurances" test. We could spell this out. --Martin
Received on Friday, 18 March 2016 02:14:58 UTC