- From: Eran Hammer-Lahav <eran@hueniverse.com>
- Date: Wed, 11 Feb 2009 16:04:56 -0700
- To: Adam Barth <w3c@adambarth.com>
- CC: "www-talk@w3.org" <www-talk@w3.org>
Exactly. Does that addresses your concern about scope? (we can continue debating the value of the content type header as a measure of security if you'd like...) EHL On 2/11/09 2:58 PM, "Adam Barth" <w3c@adambarth.com> wrote: > On Wed, Feb 11, 2009 at 2:44 PM, Eran Hammer-Lahav <eran@hueniverse.com> > wrote: >> You got this backwards. > > Ah. Thanks for this response. I understand the situation much better now. > > Let me see if I understand this correctly for the case of the https scheme. > > 1. You want to find out more about example.com on port 443 speaking > HTTP-over-TLS. > 2. You want to find out more about https://example.com/resource/1 (and > care about the HTTP-over-TLS representation). > > In both cases, you will do (wrapped in a TLS session): > > GET /host-meta HTTP/1.1 > Host: example.com:443 > > Your point is that a Web browser would never want to find out more > about https://example.com/resource/1 and care about the HTTP > representation (it would always be interested in the HTTP-over-TLS > representation). > > Thanks, > Adam >
Received on Wednesday, 11 February 2009 23:05:40 UTC