I think multiple redirects can make a lot of sense, as Mcr said for resale
chains for example.
I wouldn't be too bothered with DoS attacks an attepting to come up with a tiny
number.
I'd rather go with a number larger than what i can think of being useful. 10
for example.
I could build a load-sharing ring with that ("I am busy, try next") of
reasonable size.
I my pet topic of course is diagnostics of non-malicious misconfigs.
So, when a pledge is redirected from
https://domain3.com/.well-known/brski/requestvoucher
https://domain4.com/.well-known/brski/requestvoucher
Could we make the pledge actually do the get with a breadcrump trail:
On https://domain4.com connection:
GET
/.well-known/brski/requestvoucher?brskiredirpath=domain3.com,domain2.com,domain.com
That way, domain4 would know wherer the pledge came from.
Cheers
Toerless
On Sun, Jun 13, 2021 at 07:41:18AM +0200, Carsten Bormann wrote:
> On 13. Jun 2021, at 04:22, Michael Richardson <[email protected]> wrote:
> >
> > "another web origin" --- I guess I don't know what this means.
>
> See RFC 6454 "The Web Origin Concept???.
>
> In short, scheme + authority.
>
> > Does it mean redirecting from https://one.example/foo to
> > https://two.example/bar,
>
> Different origins https://one.example vs. https://two.example
>
> > or does it refer to https://one.example/foo to https://one.example/bar
> > etc.
>
> Same origin https://one.example
>
> I don???t like the term that much, but it is in wide use in the combination
> ???Same origin principle???.
> In RFC 7252, we use ???Origin server??? to identify the serving endpoint.
> (Of course, ???endpoint" has been hijacked as a needless synonym of
> ???resource??? in OAuth.)
>
> Somebody should write a Web terminology glossary :-)
>
> Grüße, Carsten
>
> _______________________________________________
> Anima mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/anima
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
