RE: Op-sec simplification

I like the direction this is moving, yes.

-----Original Message-----
From: Martin Thomson [] 
Sent: Monday, October 31, 2016 2:58 AM
To: Kari Hurtta <>
Cc: HTTP working group mailing list <>
Subject: Re: Op-sec simplification

On 31 October 2016 at 16:32, Kari Hurtta <> wrote:
> Hmm. Reading it from original and from the secured server gives little 
> more verify that they really are giving same answers.

Yes, but as I observed, we're never truly certain; there's always a pathological case where a client can be convinced of the server being right when it is in fact wrong.  Asking both sides only adds to the complexity of the solution.

> | GET HTTP/1.1
> | Host:

Yes, thanks for pointing that out.  Fixed.

Received on Monday, 31 October 2016 20:00:55 UTC