Re: 2.2. Interaction with "https" URIs | Re: Op-sec simplification

[ was
  To: Kari Hurtta <>
  cc: Erik Nygren <>, 
                HTTP working group mailing list <>

Martin Thomson <>: (Sat Nov  5 23:51:10 2016)
> On 4 November 2016 at 15:23, Kari Hurtta <> wrote:
> > Only one origin per connection ("dedicated-connection") is
> > better to use some other mechanism because that look
> > someting which is not limited to Opportunistic HTTP Security.
> > It looks like something which is wanted also for "https".
> Yeah, I'm wondering if this isn't a) enough for this mixed scheme
> concern, and b) enough for the origin frame.

I do not know.

If that does not is like:

« We can't support/use "Opportunistic HTTP Security"
  because concern XXX. Resolution of concern XXX
  requires support of "other mechanism" (not on
  "Opportunistic HTTP Security") and if our client
  supports "Opportunistic HTTP Security" 
  that is no indication support of "other mechanism". »

I'm also just wondering.

/ Kari Hurtta

Received on Thursday, 10 November 2016 05:07:59 UTC