Re: Ben Campbell's Yes on draft-ietf-httpbis-expect-ct-07: (with COMMENT)
Ben Campbell <ben@nostrum.com> Wed, 12 September 2018 16:40 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BE42130E8A for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 12 Sep 2018 09:40:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.651
X-Spam-Level:
X-Spam-Status: No, score=-2.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UW6U-WsRFHG6 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 12 Sep 2018 09:40:36 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94614130DF3 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 12 Sep 2018 09:40:36 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1g089u-0002yO-Ci for ietf-http-wg-dist@listhub.w3.org; Wed, 12 Sep 2018 16:38:30 +0000
Resent-Date: Wed, 12 Sep 2018 16:38:30 +0000
Resent-Message-Id: <E1g089u-0002yO-Ci@frink.w3.org>
Received: from uranus.w3.org ([128.30.52.58]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <ben@nostrum.com>) id 1g089j-0002v6-CX for ietf-http-wg@listhub.w3.org; Wed, 12 Sep 2018 16:38:19 +0000
Received: from www-data by uranus.w3.org with local (Exim 4.89) (envelope-from <ben@nostrum.com>) id 1g089j-00078I-8u for ietf-http-wg@listhub.w3.org; Wed, 12 Sep 2018 16:38:19 +0000
Received: from mimas.w3.org ([2603:400a:ffff:804:801e:34:0:4f]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <ben@nostrum.com>) id 1g07fq-0002GI-JN for ietf-http-wg@listhub.w3.org; Wed, 12 Sep 2018 16:07:26 +0000
Received: from raven-v6.nostrum.com ([2001:470:d:1130::1] helo=nostrum.com) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <ben@nostrum.com>) id 1g07fp-0003Km-2t for ietf-http-wg@w3.org; Wed, 12 Sep 2018 16:07:26 +0000
Received: from [10.0.1.95] (cpe-70-122-203-106.tx.res.rr.com [70.122.203.106]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w8CG6vRU072730 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 12 Sep 2018 11:06:58 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-203-106.tx.res.rr.com [70.122.203.106] claimed to be [10.0.1.95]
From: Ben Campbell <ben@nostrum.com>
Message-Id: <054ABDF3-83EF-46B3-ADC2-B9EF6A9D920C@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_64BFE391-3E43-48EB-9BEC-6237073BAB23"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Wed, 12 Sep 2018 11:06:56 -0500
In-Reply-To: <A65E3A2C-1F09-4BB0-9D86-2CD9EF4D4219@mnot.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-expect-ct@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
To: Mark Nottingham <mnot@mnot.net>
References: <153671839811.16757.7575392548000373864.idtracker@ietfa.amsl.com> <A65E3A2C-1F09-4BB0-9D86-2CD9EF4D4219@mnot.net>
X-Mailer: Apple Mail (2.3445.9.1)
X-W3C-Hub-Spam-Status: No, score=-4.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1g07fp-0003Km-2t 901b83491bed86a0b78b474752c3d330
X-caa-id: 216edc9da3
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Ben Campbell's Yes on draft-ietf-httpbis-expect-ct-07: (with COMMENT)
Archived-At: <https://www.w3.org/mid/054ABDF3-83EF-46B3-ADC2-B9EF6A9D920C@nostrum.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/35906
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi Mark, Just one comment-question :-) > On Sep 12, 2018, at 11:03 AM, Mark Nottingham <mnot@mnot.net> wrote: > > Hi Ben, > > Just one comment - > >> On 11 Sep 2018, at 7:13 pm, Ben Campbell <ben@nostrum.com> wrote: >> >> Ben Campbell has entered the following ballot position for >> draft-ietf-httpbis-expect-ct-07: Yes >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct/ >> >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> Thanks for this work. I'm balloting "Yes", but I have a few minor comments. >> >> Substantive: >> >> §2.1, step 6: Is there no room for local policy here? >> >> §2.1.3: The guidance for max-age in the security considerations section >> suggests 30 days is a good value. But the directive is specified in seconds. >> Does that make sense? Would a 1 second max-age ever be reasonable? Or even 30 >> days + 1 second? > > Pretty much everything in HTTP is done at second granularity; deviating from that would be odd IMO. I certainly don’t have all the HTTP uses of time intervals loaded in my head--are time intervals on the order of “1 month” commonly used elsewhere? Ben. > > Cheers, > >> >> Editorial: >> >> - General: This uses a non-standard section order towards the end. >> Conventionally the last 2 sections should be security considerations and IANA >> considerations (although the order between those two varies.) >> >> §2.2.2: The second sentence is about UA behavior. It seems like that belongs >> somewhere under §2.3. >> >> §2.3: "SHALL be canonicalized" >> By the UA? (The use of passive voice here obscures the actor.) >> >> > > -- > Mark Nottingham https://www.mnot.net/ >
- Ben Campbell's Yes on draft-ietf-httpbis-expect-c… Ben Campbell
- Re: Ben Campbell's Yes on draft-ietf-httpbis-expe… Mark Nottingham
- Re: Ben Campbell's Yes on draft-ietf-httpbis-expe… Mark Nottingham
- Re: Ben Campbell's Yes on draft-ietf-httpbis-expe… Ben Campbell
- Re: Ben Campbell's Yes on draft-ietf-httpbis-expe… Ben Campbell
- Re: Ben Campbell's Yes on draft-ietf-httpbis-expe… Emily Stark