Re: Adam Roach's No Objection on draft-ietf-httpbis-origin-frame-04: (with COMMENT)

> On 11 Jan 2018, at 7:59 am, Mark Nottingham <> wrote:
>>> That said, I would agree with an argument that we should explicitly say that they aren't supported, so as not to confuse.
>> Yes, please do that. It would also (in my opinion) be worthwhile mentioning that using ORIGIN is incompatible with the use of wildcard certs to indicate authority over wildcarded origins; but, if you don't want to, I'm not going to press the point.
> Will see what I can do.

Note that the ORIGIN frame does not support wildcard names (e.g., "*") in Origin-Entry.
As a result, sending ORIGIN when a wildcard certificate is in use effectively disables any origins
that are not explicitly listed in the ORIGIN frame(s).

Seem reasonable?

Mark Nottingham

Received on Wednesday, 10 January 2018 22:57:17 UTC
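The effect described in the proposed text, as an added example that is not part of the original message or of the draft: a client-side sketch that parses ORIGIN frame entries and decides whether a connection may be reused for an origin. The function names, the sample host names, the single-label wildcard matching and the plain string comparison of origins are assumptions made for illustration; the sketch considers only the entries listed in the frame.

```python
import struct
from urllib.parse import urlsplit

def encode_origin_payload(origins):
    """Build a constructed ORIGIN payload: 16-bit Origin-Len + ASCII-Origin per entry."""
    return b"".join(struct.pack("!H", len(o)) + o.encode("ascii") for o in origins)

def parse_origin_payload(payload):
    """Return the Origin-Entry strings in a payload, rejecting truncated entries."""
    entries, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated Origin-Len")
        (n,) = struct.unpack_from("!H", payload, i)
        i += 2
        if i + n > len(payload):
            raise ValueError("truncated ASCII-Origin")
        entries.append(payload[i:i + n].decode("ascii").lower())
        i += n
    return entries

def cert_covers(host, san_names):
    """Simplified certificate check: '*' matches exactly one left-most label."""
    host = host.lower()
    for name in (n.lower() for n in san_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def may_reuse(origin, san_names, origin_set=None):
    """origin_set is None until an ORIGIN frame has been received on the connection."""
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.hostname:
        return False
    if not cert_covers(parts.hostname, san_names):
        return False          # the certificate must cover the host in every case
    if origin_set is None:
        return True           # no ORIGIN frame: the wildcard certificate is enough
    # Entries are compared literally, so a "*" entry never matches a real host.
    return origin.lower() in origin_set

if __name__ == "__main__":
    sans = ["*.example.com"]  # constructed wildcard certificate names
    frame = encode_origin_payload(["https://a.example.com", "https://*.example.com"])
    listed = set(parse_origin_payload(frame))
    for o in ("https://a.example.com", "https://b.example.com"):
        print(o, "before ORIGIN:", may_reuse(o, sans), "after:", may_reuse(o, sans, listed))
```
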