- From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
- Date: Fri, 6 Jan 2017 21:35:04 +0200 (EET)
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, HTTP working group mailing list <ietf-http-wg@w3.org>
Martin Thomson <martin.thomson@gmail.com>: (Tue Jan 3 02:49:00 2017)
> On 23 December 2016 at 18:44, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> > This is still quite a long sentence to parse.
> >
> > | Clients MUST NOT send http requests over a secured connection, unless the chosen
> > | alternative service presents a certificate that is valid for the origin as defined in
> > | {{RFC2818}} (this also establishes "reasonable assurances" for the purposes of
> > | {RFC7838}}) and they have obtained a valid http-opportunistic response for an origin
> > | (as per {{well-known}}).
> >
> > OK that is manageable (if I read that several times).
>
> Yeah, it's hard to parse. I split it up here:
>
> https://github.com/httpwg/http-extensions/pull/280
>
> Is that clearer?

Hmm. Yes.

https://github.com/httpwg/http-extensions/blob/21ff4e285dce0a2895b9b20057a6615e1b55e8a7/draft-ietf-httpbis-http2-encryption.md

| Clients MUST NOT send http requests over a secured connection, unless the chosen
| alternative service presents a certificate that is valid for the origin as defined in
| {{RFC2818}}. Using an authenticated alternative service establishes "reasonable
| assurances" for the purposes of {RFC7838}}. In addition to authenticating the server
| the client MUST have obtained a valid http-opportunistic response for an origin (as per
| {{well-known}}) using the authenticated connection. An exception to this restriction is
| made for requests for the "http-opportunistic" well-known URI.

/ Kari Hurtta

Received on Friday, 6 January 2017 19:35:43 UTC