Re: draft-ietf-httpbis-encryption-encoding

On 23 December 2016 at 18:44, Kari Hurtta <> wrote:
> This is still quite long sentence to parse.
> |  Clients MUST NOT send http requests over a secured connection, unless the chosen
> |  alternative service presents a certificate that is valid for the origin as defined in
> |  {{RFC2818}} (this also establishes "reasonable assurances" for the purposes of
> |  {RFC7838}}) and they have obtained a valid http-opportunistic response for an origin
> |  (as per {{well-known}}).
> OK that is manageable (if I read that several times).

Yeah, it's hard to parse.  I split it up here:

Is that clearer?

>> Yes, that's an oversight.  The only requirement is that the request is
>> made to the authenticated alternative.
> I'm not sure that I understand that from
> Or is there something what I missed?

There was this:

A client is said to
have a valid http-opportunistic response for a given origin when:

* The client has requested the well-known URI from the origin ***over
an authenticated connection*** and a 200 (OK) response was provided,

But no harm in making it clearer (see the above PR).

Received on Tuesday, 3 January 2017 00:49:33 UTC