1) This is a specified service, shouldn't it be registered as a .well-known
service?

http://example.com/.well-known/ct/1

This means that the CT log can play nice with other services on the same
server.

(obviously have to replace ct with what we register)


2) The command should be present in the JSON request.

HTTP request lines are hard to protect with message level authentication.
Putting the command in the content means that it is covered independently.

The reason this matters is that the request line and headers tend to get
'battered' as they pass through enterprise scale web traffic management
systems. The same is true of TLS authentication that tends to get stripped
out at the front door by some sort of message router.




-- 
Website: http://hallambaker.com/
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
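
Point 2 above, as an added example that is not part of the original message: a sketch in which a MAC covers only the JSON content, so a command carried in the content survives a front-end rewrite of the request line while a command carried only in the path does not. The shared key, the request layout, the URL layout under `/.well-known/ct/1`, the helper names and the sample command names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed shared key, illustration only


def mac_of(body: bytes) -> str:
    """Message-level authenticator: covers the content bytes and nothing else."""
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()


def build_request(command: str, params: dict, command_in_body: bool) -> dict:
    """Client: the request line always names the command; the body only if asked."""
    content = dict(params)
    if command_in_body:
        content["command"] = command
    body = json.dumps(content, sort_keys=True).encode()
    return {
        "path": "/.well-known/ct/1/" + command,  # hypothetical URL layout
        "headers": {"X-Client-Cert": "constructed"},
        "body": body,
        "mac": mac_of(body),  # assumed to travel with the content
    }


def front_door(request: dict, new_path: str) -> dict:
    """Traffic manager: rewrites the request line, drops headers, keeps content."""
    return {**request, "path": new_path, "headers": {}}


def server_command(request: dict) -> str:
    """Server: verify the MAC, then pick the command to execute."""
    if not hmac.compare_digest(mac_of(request["body"]), request["mac"]):
        raise ValueError("content failed authentication")
    content = json.loads(request["body"])
    if "command" in content:
        return content["command"]  # covered by the MAC
    return request["path"].rsplit("/", 1)[-1]  # not covered by the MAC


if __name__ == "__main__":
    for in_body in (True, False):
        sent = build_request("get-sth", {"log": "constructed"}, in_body)
        seen = front_door(sent, "/internal/lb7/add-chain")
        print("command in body:", in_body, "-> server runs", server_command(seen))
```

In the second case the MAC still verifies, yet the server acts on whatever command the rewritten request line names.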
