Re: [apps-discuss] Comment on draft-thomson-http-omnomnom-00

Martin Thomson <martin.thomson@gmail.com> Sat, 23 July 2016 12:28 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3816612D196 for <apps-discuss@ietfa.amsl.com>; Sat, 23 Jul 2016 05:28:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oR9rR9SDnRCG for <apps-discuss@ietfa.amsl.com>; Sat, 23 Jul 2016 05:28:48 -0700 (PDT)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F5CA12D13D for <apps-discuss@ietf.org>; Sat, 23 Jul 2016 05:28:48 -0700 (PDT)
Received: by mail-qk0-x230.google.com with SMTP id x1so122463307qkb.3 for <apps-discuss@ietf.org>; Sat, 23 Jul 2016 05:28:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=biAzuJKdk9ZtAkLZj+E2q3moQEQx+I4JExI4SC9BJ9g=; b=pYgJawgAQNoODSVlR6Ho0Gzl5RVeJ8G9Jj0VtTs+FnXjRXkgb4FVfQGIcNnqVxh+i4 fwbqzE7E+XBmPeaEdi0XzpjK6F0e62VurkElMy4iAEQgIx+GpQVAlrbdai0MQZSWhIQ+ 1NUgrVhTF1sW/fGxPhPMaxkaU4N9oCo1+C1+Ko4BIK+tyODTW/Ds85UHLg6oFdAhSFeo 4nIRd4Lf0pYeiA7Isq11gqlsADpfaNL+m/W1dffCiZyf0NNoGNNAHfhKHnoDV29/4ORV m/nIxduHTdb1zhmN7Qd1ZAwCH5WPl6BD0u26YgHxkjINHmtYbxJpaDr15fSfYzBKX7im sK9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=biAzuJKdk9ZtAkLZj+E2q3moQEQx+I4JExI4SC9BJ9g=; b=EQHbzyxsyOn4qwpWTxTyMcsQ4SdDNP1GU5foF3L09+Ti38KXkzKKlUgrL03zvxoMAr TkVAIM7TsDnvuOSkp9UfPvGo/s4u1rS68B5kOIrhQ0duqI659Wh1RPK4JGf6V1um71ZN yzyVTG1PtjGK+4oik3gRtNLKFct3K6XwMts6YyR6/JjPVnvGWl5JlybUvS8L6nWx1BuX fU243303giFIzQsTbncu8y5zfdamgid2yaejLTuslvRbOvnK1539N8YyhSd1DdPPU1ud 13fpg3yhbsjWcITDfCKmDwXnOkk2Ia1zVa6jKKIfmYTPsl8N8scGjzeMtd5a59hX7+Ak bRug==
X-Gm-Message-State: AEkoousHDwEl0OmFyMR7D3zSCCt1M6Qgsrlkz3UDezNwUuFYGI+WTxhaHYQfsN0ahTYntk3OPsidTb+SisBQ/w==
X-Received: by 10.55.147.70 with SMTP id v67mr10611144qkd.32.1469276927643; Sat, 23 Jul 2016 05:28:47 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.22.146 with HTTP; Sat, 23 Jul 2016 05:28:47 -0700 (PDT)
In-Reply-To: <3626798A-9358-43E3-B196-44290260BF95@iii.ca>
References: <3626798A-9358-43E3-B196-44290260BF95@iii.ca>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Sat, 23 Jul 2016 14:28:47 +0200
Message-ID: <CABkgnnVNgmS_-tEuCcdHXcPbXXrm0NqtXD+tW3xgWLusY1fvew@mail.gmail.com>
To: Cullen Jennings <fluffy@iii.ca>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/apps-discuss/Z7GJhV7M4-gbmdKuo-PH9sQwNAQ>
Cc: Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] Comment on draft-thomson-http-omnomnom-00
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/apps-discuss/>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Jul 2016 12:28:50 -0000

I agree.  The point of the draft was to facilitate a discussion about
times and what conditions might be applied to those times (a single
value might be difficult to pick across all situations).

On 23 July 2016 at 11:37, Cullen Jennings <fluffy@iii.ca> wrote:
> So the relevant text of this draft is
>
>    Cookies that are set using insecure channels (i.e., HTTP over
>    cleartext TCP), MUST have a short time limit on the time that they
>    are persisted.
>
> Without specifying what a short time is, this seems like a pretty vacuous MUST. Perhaps an exact value could be provided.
>
>
>
>
>
>