Re: Working Group Last Call The ORIGIN HTTP/2 Frame

On Tue, Sep 26, 2017 at 12:09 PM, Mark Nottingham <> wrote:
> """
> As a result, clients opting not to consult DNS ought to employ some alternative means to establish a high degree of confidence that the certificate is legitimate. For example, clients might skip consulting DNS only if they receive proof of inclusion in a Certificate Transparency log {{?RFC6929}} or they have a recent OCSP response {{?RFC6960}} (possibly using the "status_request" TLS extension {{?RFC6066}}) showing that the certificate was not revoked.
> """
> Does that work for everyone?

I think that you caught the important pieces.  They really did overlap
almost perfectly.

Received on Tuesday, 26 September 2017 05:10:53 UTC