Re: Fetch: HTTP authentication and CORS

From: Jonas Sicking <jonas@sicking.cc>
Date: Sat, 4 May 2013 10:14:18 -0700
Message-ID: <CA+c2ei-im_EmtiDdVy_J+1XYGZ1nKzahx976Wmg6EmEN-tcUrA@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WebApps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>, Adam Barth <w3c@adambarth.com>

On May 4, 2013 1:29 AM, "Anne van Kesteren" <annevk@annevk.nl> wrote:
>
> On Fri, May 3, 2013 at 7:00 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> > In the Gecko implementation they aren't. Assuming that you mean when with
> > credentials is set to false?
>
> Right, when it's set to false. What's the normative reference for TLS
> client certificates? https://tools.ietf.org/html/rfc5246#section-7.4.6
> maybe?
>
>
> > We also don't reuse keep-alive http connections.
>
> Are we talking about persistent connections as per
> http://tools.ietf.org/html/rfc2616#section-8.1 or the obsolete
> HTTP/1.0 feature?

In the sense of the keep-alive header. I'm not sure, but I think it was
defined in HTTP 1.1.

/ Jonas
Received on Saturday, 4 May 2013 17:14:46 UTC
