IETF Logo Mail Archive

Re: [Editorial Errata Reported] RFC7838 (6481)

Ben Schwartz <bemasc@google.com> Mon, 15 March 2021 15:17 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B4283A139C for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 15 Mar 2021 08:17:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.27
X-Spam-Level:
X-Spam-Status: No, score=-15.27 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vf1vUQZ1q7kG for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 15 Mar 2021 08:17:31 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 379793A139B for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 15 Mar 2021 08:17:31 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1lLove-0000zx-1o for ietf-http-wg-dist@listhub.w3.org; Mon, 15 Mar 2021 15:14:46 +0000
Resent-Date: Mon, 15 Mar 2021 15:14:46 +0000
Resent-Message-Id: <E1lLove-0000zx-1o@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <bemasc@google.com>) id 1lLovc-0000zC-Tr for ietf-http-wg@listhub.w3.org; Mon, 15 Mar 2021 15:14:44 +0000
Received: from mail-wm1-x32b.google.com ([2a00:1450:4864:20::32b]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <bemasc@google.com>) id 1lLova-0002yg-Rk for ietf-http-wg@w3.org; Mon, 15 Mar 2021 15:14:44 +0000
Received: by mail-wm1-x32b.google.com with SMTP id r15-20020a05600c35cfb029010e639ca09eso20504757wmq.1 for <ietf-http-wg@w3.org>; Mon, 15 Mar 2021 08:14:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VK0OHbZJEYn6RpV3H9oQKATBROprQRCM5GrenygnV7Q=; b=rZWFj1u2A9J3FUMpmB6jYUpWlgFgbkHxFCbT+hnodY+Csa31CFEfn+OpVklcod2KNx b8Vfdky628jlX3LssnuPPT0G2glSC2WZNGmDXeyFHWIPkm3nc4XiRU9z+1FjwX4AEjbk iQ8c+dsqFwec3B5diAx1IrGft9veSKQVuXYLX2pUzd5fj3FXL9OK3Z32Yq1X0hNVa5pT 8NPWWytp22m46fU1Bb8IQRVal/uF5TICeSyokIEmbI8lPpEQRYnY7SHF6K6H77bYVXF7 /ctyRXqlMdObUKaBDFTCvWpiDLo3OePnTwvUbj9GfnfPfw8YL7NlwnoNQw1BpEUhd+ji Y8Gg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VK0OHbZJEYn6RpV3H9oQKATBROprQRCM5GrenygnV7Q=; b=SJSuMvuxP8ZwZUkyCwONKcFzmSsbiXOt29uRgN2Z916THufn1PM/bpf5rauKpHJu4H nt4xPmvXAsOO9YabB2gyoHpizOruIf5g7M7jzaGDMh++vxwS8jtyk069P0Q4q+OLW0J9 kxt0mfDh9J9j7yQPIvZ02cVj7mlkL5hMXoC1IDi50T8Zpx3PiLwynXsHcg8XRpLbJDbs iC+BgMD76cCtR0ciASaH9546KHjwRfJaasv08yharEhBDxT/W8b8cAywV9IESit/WAwj unWNmkwMbKH4SHMMXCJqlwq04+36VHjpFUHROyROPHfd+PmehKO4xqz8/n40VGQWNzqQ Pv1w==
X-Gm-Message-State: AOAM533WCYZHQqWBOMHrSDsvgFX/KBOwrAuqeCBR0ZKOnePs2dBnJkEJ pq8mg9Tr2Eu49gi/ANcib16GfDZgQdW9qLQ7FQyXPg==
X-Google-Smtp-Source: ABdhPJyvaYUhON4pQFCmudRP+S2BJ7yjwTs7fMlRxFj4Yulphorjo+vvn92Cgop/dfgHm2KZinliz/Rd+4juOoJ2tuQ=
X-Received: by 2002:a1c:7209:: with SMTP id n9mr188935wmc.132.1615821271067; Mon, 15 Mar 2021 08:14:31 -0700 (PDT)
MIME-Version: 1.0
References: <20210313002334.CABD8F40753@rfc-editor.org> <15ed9b3f-1b75-f6be-b754-84bcda0072c3@greenbytes.de>
In-Reply-To: <15ed9b3f-1b75-f6be-b754-84bcda0072c3@greenbytes.de>
From: Ben Schwartz <bemasc@google.com>
Date: Mon, 15 Mar 2021 11:14:19 -0400
Message-ID: <CAHbrMsCd3Pcez7LN6p-=mYaTHgbHTtbY_V4jEsmqxCYTfM=WwA@mail.gmail.com>
To: Julian Reschke <julian.reschke@greenbytes.de>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, Mark Nottingham <mnot@mnot.net>, Patrick McManus <mcmanus@ducksong.com>, "Murray S. Kucherawy" <superuser@gmail.com>, Barry Leiba <barryleiba@computer.org>, Tommy Pauly <tpauly@apple.com>, Lucas Pardue <lucaspardue.24.7@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000e7dcf705bd94b4ef"
Received-SPF: pass client-ip=2a00:1450:4864:20::32b; envelope-from=bemasc@google.com; helo=mail-wm1-x32b.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=bemasc@google.com domain=google.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-24.6
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1lLova-0002yg-Rk b1df21ac7b980a2961e5ec85a1abc92b
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [Editorial Errata Reported] RFC7838 (6481)
Archived-At: <https://www.w3.org/mid/CAHbrMsCd3Pcez7LN6p-=mYaTHgbHTtbY_V4jEsmqxCYTfM=WwA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38640
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Re: "RFC7838bis", see https://github.com/MikeBishop/dns-alt-svc/issues/246

On Sat, Mar 13, 2021 at 5:26 AM Julian Reschke <julian.reschke@greenbytes.de>
wrote:

> Am 13.03.2021 um 01:23 schrieb RFC Errata System:
> > The following errata report has been submitted for RFC7838,
> > "HTTP Alternative Services".
> >
> > --------------------------------------
> > You may review the report below and at:
> > https://www.rfc-editor.org/errata/eid6481
> >
> > --------------------------------------
> > Type: Editorial
> > Reported by: Lucas Pardue <lucaspardue.24.7@gmail.com>
> >
> > Section: 2.4
> >
> > Original Text
> > -------------
> >     Furthermore, if the connection to the alternative service fails or is
> >     unresponsive, the client MAY fall back to using the origin or another
> >     alternative service.  Note, however, that this could be the basis of
> >     a downgrade attack, thus losing any enhanced security properties of
> >     the alternative service.
> >
> > Corrected Text
> > --------------
> >   ¯\_(ツ)_/¯
> >
> > Notes
> > -----
> > Alt-Svc fall back is described in section 2.4 and mentions security
> properties, so I was expecting to see something about fall back in the
> security considerations. This might be implicitly covered by Section 9.3
> but it could potentially be made more clear.
> >
> > Instructions:
> > -------------
> > This erratum is currently posted as "Reported". If necessary, please
> > use "Reply All" to discuss whether it should be verified or
> > rejected. When a decision is reached, the verifying party
> > can log in to change the status and edit the report, if necessary.
> >
> > --------------------------------------
> > RFC7838 (draft-ietf-httpbis-alt-svc-14)
> > --------------------------------------
> > Title               : HTTP Alternative Services
> > Publication Date    : April 2016
> > Author(s)           : M. Nottingham, P. McManus, J. Reschke
> > Category            : PROPOSED STANDARD
> > Source              : HTTP
> > Area                : Applications and Real-Time
> > Stream              : IETF
> > Verifying Party     : IESG
>
> I don't think this is an erratum.
>
> The spec says what the WG agreed upon.
>
> If you're looking for a place to collect improvement ideas for a
> potential RFC7838bis, we can do that on the WG's Github issue tracker.
>
> Best regards, Julian
>
> --
> <green/>bytes GmbH, Hafenweg 16, D-48155 Münster, Germany
> Amtsgericht Münster: HRB5782
>
>

v2.23.0 | Report a Bug | By Email