[Gen-art] Genart last call review of draft-ietf-httpbis-cdn-loop-01
Joel Halpern <jmh@joelhalpern.com> Mon, 03 December 2018 18:45 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: gen-art@ietf.org
Delivered-To: gen-art@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FD9C1200B3; Mon, 3 Dec 2018 10:45:43 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Joel Halpern <jmh@joelhalpern.com>
To: gen-art@ietf.org
Cc: draft-ietf-httpbis-cdn-loop.all@ietf.org, ietf@ietf.org, ietf-http-wg@w3.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.89.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <154386274295.5033.8259810220470907158@ietfa.amsl.com>
Date: Mon, 03 Dec 2018 10:45:42 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/zJXwl1RM13y193cczl4HEivkR6A>
Subject: [Gen-art] Genart last call review of draft-ietf-httpbis-cdn-loop-01
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Dec 2018 18:45:43 -0000
Reviewer: Joel Halpern Review result: Ready with Issues I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. Document: draft-ietf-httpbis-cdn-loop-01 Reviewer: Joel Halpern Review Date: 2018-12-03 IETF LC End Date: 2018-12-11 IESG Telechat date: Not scheduled for a telechat Summary: This document is ready for publication as a Proposed Standard RFC There are two issues that I think should be addressed before publication Major issues: N/A Minor issues: This depends upon CDNs which have not been upgraded not stripping this header. While I can believe that is a reasonable assumption, it seems that a paragraph explaining that it is the case, and if possible what experience leads us to think it is the case, would be helpful. This document says that it is to protect against attackers causing loops. If the attacker is an external customer, the advice in the security considerations section makes sense. The other apparent attack would be an attacker in the network who strips the information each time it comes past. I believe the reason this is only an apparent attack is that such an attacker could almost as easily simply generate additional messages instead of producing a loop. If I have inferred this correctly, it seems useful to state it. Nits/editorial comments: N/A
- [Gen-art] Genart last call review of draft-ietf-h… Joel Halpern
- Re: [Gen-art] Genart last call review of draft-ie… Alissa Cooper
- Re: [Gen-art] Genart last call review of draft-ie… Mark Nottingham
- Re: [Gen-art] Genart last call review of draft-ie… Joel M. Halpern
- Re: [Gen-art] Genart last call review of draft-ie… Mark Nottingham
- Re: [Gen-art] Genart last call review of draft-ie… Joel M. Halpern