[Gen-art] Genart last call review of draft-ietf-httpbis-origin-frame-04
Brian Carpenter <brian.e.carpenter@gmail.com> Sun, 26 November 2017 03:44 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: gen-art@ietf.org
Delivered-To: gen-art@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 157D8128CDB; Sat, 25 Nov 2017 19:44:31 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Brian Carpenter <brian.e.carpenter@gmail.com>
To: gen-art@ietf.org
Cc: draft-ietf-httpbis-origin-frame.all@ietf.org, ietf-http-wg@w3.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151166787103.16046.10259096251205147245@ietfa.amsl.com>
Date: Sat, 25 Nov 2017 19:44:31 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/qwY0Y91VaFLKqnMIpG284tmWWHY>
Subject: [Gen-art] Genart last call review of draft-ietf-httpbis-origin-frame-04
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Nov 2017 03:44:31 -0000
Reviewer: Brian Carpenter Review result: Ready with Issues Gen-ART Last Call review of draft-ietf-httpbis-origin-frame-04 I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Document: draft-ietf-httpbis-origin-frame-04.txt Reviewer: Brian Carpenter Review Date: 2017-11- IETF LC End Date: 2017-11-30 IESG Telechat date: Summary: Ready with (minor) issues -------- Minor Issues: ------------- > 2.1. Syntax ... > Origin: An OPTIONAL sequence of characters ... that the > sender believes this connection is or could be authoritative for. So, that implies that all data in the ORIGIN frame might be false. Doesn't that deserve a bit of a health warning at the beginning of the Security Considerations? Also, using the word "believes" of a server is strange. How would the server acquire uncertain knowledge in the first place, and what algorithm would decide what it "believes"? Appendix A doesn't show any sign of a client checking whether an Origin-Entry is real. > 2.3. The Origin Set ... > o Host: the value sent in Server Name Indication (SNI, [RFC6066] > Section 3), converted to lower case In that reference: >> Literal IPv4 and IPv6 addresses are not permitted in "HostName". Is that an intended or unintended restriction for the ORIGIN frame? In any case it should probably be mentioned explicitly to avoid confusion. (If IPv6 literals were allowed, they might be very convenient for server load balancing. But RFC6066 excludes that.)
- [Gen-art] Genart last call review of draft-ietf-h… Brian Carpenter
- Re: [Gen-art] Genart last call review of draft-ie… Mark Nottingham
- Re: [Gen-art] Genart last call review of draft-ie… Brian E Carpenter
- Re: [Gen-art] Genart last call review of draft-ie… Mark Nottingham
- Re: [Gen-art] Genart last call review of draft-ie… Brian E Carpenter
- Re: [Gen-art] Genart last call review of draft-ie… Alissa Cooper