Someone who controls any resource on an origin can issue directives that affect all resources on that origin. (Thinking of the server the CS/CE students could work with in college, where we all had pages at server.example.edu/~username.) Sure, I can’t change the host because I don’t have the server cert, but I can change ports without that requirement.
The guidance in 9.1 just says “don’t let people do that,” which is easier said than done on systems that already exist. People can run apps listening on ephemeral ports, and people can control their home pages. With this combination, everyone else's home pages can be hijacked unless the server admin reads this draft before any students do and promptly prohibits pages from emitting headers named Alt-Svc.
The way to partially fix this is to require strong auth for changes of port as well. Resources can still slow down access by causing attempts to access an alternate, but the alternate won't be able to supply fake resources.
Someone who controls any resource on an origin can issue directives that affect all resources on that origin. (Thinking of the server the CS/CE students could work with in college, where we all had pages at server.example.edu/~username.) Sure, I can’t change the host because I don’t have the server cert, but I can change ports without that requirement.
The guidance in 9.1 just says “don’t let people do that,” which is easier said than done on systems that already exist. People can run apps listening on ephemeral ports, and people can control their home pages. With this combination, everyone else's home pages can be hijacked unless the server admin reads this draft before any students do and promptly prohibits pages from emitting headers named Alt-Svc.
The way to partially fix this is to require strong auth for changes of port as well. Resources can still slow down access by causing attempts to access an alternate, but the alternate won't be able to supply fake resources.