- From: Lou Steinberg <lou@ctminsights.com>
- Date: Tue, 17 Jul 2018 17:55:03 -0400
- To: ietf-http-wg@w3.org,Eric Rescorla <ekr@rtfm.com>,HTTP Working Group <ietf-http-wg@w3.org>
Received on Tuesday, 17 July 2018 21:55:40 UTC
That makes sense to me. It also covers the case that Lutz spoke in support of; essentually using a subdomain of the origin to pass a token to the alternate service in the SNI. A number of us are interested in that use case. Apologies for the background noise on the call. I dropped off so as to not let it be disruptive Lou On July 17, 2018 5:41:10 PM EDT, Eric Rescorla <ekr@rtfm.com> wrote: >Was talking to DKG in the hallway and he pointed out that Alt-Svc-SNI >works >well for the use case where you have a cert that is valid both for the >original domain (the one you looked up) and the replacement domain (the >one >in the SNI). For instance, you want to reach a.example.com and the >server >has a cert for *.example.com. This would also have the advantage that >you >didn't need to change the Alt-Svc semantics at all. > >Maybe it would make sense to re-scope to that case? > >-Ekr -- Lou Steinberg Managing Partner CTM Insights, llc Sent from my phone while not driving. Please excuse typos and brevity.
Received on Tuesday, 17 July 2018 21:55:40 UTC