- From: Adam Roach <adam@nostrum.com>
- Date: Wed, 10 Jan 2018 17:59:36 -0600
- To: Mark Nottingham <mnot@mnot.net>
- Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-origin-frame@ietf.org, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 1/10/18 4:56 PM, Mark Nottingham wrote: > >> On 11 Jan 2018, at 7:59 am, Mark Nottingham <mnot@mnot.net> wrote: >> >>>> That said, I would agree with an argument that we should explicitly say that they aren't supported, so as not to confuse. >>> Yes, please do that. It would also (in my opinion) be worthwhile mentioning that using ORIGIN is incompatible with the use of wildcard certs to indicate authority over wildcarded origins; but, if you don't want to, I'm not going to press the point. >> Will see what I can do. > """ > Note that the ORIGIN frame does not support wildcard names (e.g., "*.example.com") in Origin-Entry. > As a result, sending ORIGIN when a wildcard certificate in use effectively disables any origins > that are not explicitly listed in the ORIGIN frame(s). > """ > > Seem reasonable? Yes. Thanks. (Grammar nit: "...when a wildcard certificate is in use..." or "...with a wildcard certificate in use...") /a
Received on Thursday, 11 January 2018 00:00:15 UTC