- From: vanupam <notifications@github.com>
- Date: Thu, 16 Mar 2017 14:09:03 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/325/review/27460052@github.com>
vanupam commented on this pull request. > @@ -1421,6 +1473,18 @@ for each associated <a for="fetch group">fetch record</a> whose <p>Let <var>connection</var> be the result of establishing an HTTP connection to <var>origin</var>. [[!HTTP]] [[!HTTP-SEMANTICS]] [[!HTTP-COND]] [[!HTTP-CACHING]] [[!HTTP-AUTH]] [[!TLS]] + <p>If <var>credentials</var> is true and if the user agent supports + <a for=/>Token Binding</a>, propose the use of <a for=/>Token Binding</a> + while setting up the TLS connection, as described in + <a href="https://tools.ietf.org/html/draft-ietf-tokbind-negotiation#section-2">section 2</a> + of the Token Binding Negotiation spec [[!TOKBIND-NEGOTIATION]]. + If Token Binding Negotiation succeeds, update + TLS connection metadata with the parameters of the result of the negotiation. TLS Connections use Token Binding only when credentials=true, and will therefore not pool with connections that have credentials=false. (I updated a note in the 'Connections' section.) I think it would be OK for SWs to share pools with the content area as long as the credentials mode matches. In a UA, we definitely want "profile"-level separation (e.g. incognito mode uses different connection pools than regular profile) Please let me know if I should explicitly add anything about it. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/325#discussion_r106531984
Received on Thursday, 16 March 2017 21:10:12 UTC