Re: Skipping DNS resolutions with ORIGIN frame from Patrick McManus on 2017-07-15 (ietf-http-wg@w3.org from July to September 2017)

From: Patrick McManus <mcmanus@ducksong.com>
Date: Sat, 15 Jul 2017 07:10:54 +0000 (UTC)
To: Patrick McManus <mcmanus@ducksong.com>
Cc: Ryan Hamilton <rch@google.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, Piotr Sikora <piotrsikora@google.com>
Message-ID: <CAOdDvNr13KxMSLOmy7aMfVqBciy8rr1S86wwqCbCqPVnErqYAg@mail.gmail.com>

If we can't get consensus on that I'd prefer some kind of stapled assertion
> that kept the perf and privacy properties of the current draft.
>

one other thought while I'm here. If the driving concern is amplifying a
key compromise perhaps making the ORIGIN-as-DNS property contingent on a
strong revocation check would be a workable path.. i.e. use as dns when
ocsp has been stapled or checked (hopefully stapled!).

Received on Saturday, 15 July 2017 07:11:23 UTC