Toerless Eckert <[email protected]> wrote: > AFAIK, a 307 redirect can redirect to any other location and not only a > different origin, e.g.:
> GET https://mycloudreg.example.com/.well-known/brski/requestvoucher
-> 307, Location: https://mycloudreg.example2.com/whatthecke/strangeurl
> AFAIK, there is no text prohibiting this in rfc8995 (or for that matter
> rfc7030).
> I don't think such a redirect would work, because the pledge wouldn't
> know what the URL for followup commands such as requestvoucher (or any
> EST command) would be.
For a RF8995-only pledge that was working through a proxy would be unable to
reach another web origin, because the TCP connection is forced to a
particular place. The pledge can go from /.well-known/brski/requestvoucher
to /whatthecke/strangeurl, as long as the redirect was relative.
Cloud-brski assumes that the pledge has connectivity, so it can go "anywhere"
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
