- From: Alessandro Ghedini <alessandro@ghedini.me>
- Date: Sat, 10 Dec 2016 14:15:14 +0000
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Patrick McManus <mcmanus@ducksong.com>
On Fri, Dec 09, 2016 at 12:13:15PM -0800, Roy T. Fielding wrote: > Why is this not a TLS option, preferably signaled by an attribute of the > certificate itself? I don't have strong opinions about HTTP header vs TLS extension, but making this an x509 extensions would severely impact adoption of this mechanism in the short and medium terms since it would require explicit support from CAs. Might be worth noting that by using an HTTP header a site behind a third-party CDN could in theory implement the mechanism itself without support from the CDN (whether this is a useful thing is unclear though). Cheers
Received on Saturday, 10 December 2016 14:15:45 UTC