Éric Vyncke's Discuss on draft-ietf-httpbis-rfc6265bis-19: (with DISCUSS and COMMENT)

Éric Vyncke via Datatracker <noreply@ietf.org> Mon, 17 February 2025 08:59 UTC

From: Éric Vyncke via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-httpbis-rfc6265bis@ietf.org, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, mnot@mnot.net, mnot@mnot.net, pspacek@isc.org
Reply-To: Éric Vyncke <evyncke@cisco.com>
Message-ID: <173978272732.1423200.12857180293642162151@dt-datatracker-75c44cbbdf-pxnd6>
Date: Mon, 17 Feb 2025 00:58:47 -0800
Subject: Éric Vyncke's Discuss on draft-ietf-httpbis-rfc6265bis-19: (with DISCUSS and COMMENT)
Archived-At: <https://www.w3.org/mid/173978272732.1423200.12857180293642162151@dt-datatracker-75c44cbbdf-pxnd6>

Éric Vyncke has entered the following ballot position for
draft-ietf-httpbis-rfc6265bis-19: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-rfc6265bis/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


# Éric Vyncke, INT AD, comments for draft-ietf-httpbis-rfc6265bis-19
CC @evyncke

Thank you for the work put into this document; like other ADs, I find it easy to
read (for most parts).

Please find below one blocking DISCUSS point (easy to address) and some
non-blocking COMMENT points (but replies would be appreciated, even if only for
my own education).

Special thanks to Mark Nottingham for the shepherd's write-up including the WG
consensus *and* the justification of the intended status.

Please note that Petr Špaček is the DNS directorate reviewer, and you may want
to consider this dns-dir review as well when it becomes available (no need to
wait for it, though):
https://datatracker.ietf.org/doc/draft-ietf-httpbis-rfc6265bis/reviewrequest/21332/

I hope that this review helps to improve the document,

Regards,

-éric

## DISCUSS (blocking)

As noted in https://www.ietf.org/blog/handling-iesg-ballot-positions/, a
DISCUSS ballot is just a request to have a discussion on the following topics:

### Section 2.1

Trivial to fix: please use the actual BCP14 template, including the RFC 8174 reference.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


## COMMENTS (non-blocking)

### Section 1 & abstract

Having some text about the difference with RFC 6265 would be helpful.

As a non-English speaker, I had to check the meaning of `infelicities`... I.e.,
I share Warren's view on unusual words.

### Section 2.1

Unsure whether using "conformance" is the right word to be used in an IETF
document. The BCP14 template has also little to do with conformance. Suggest
using some wording related to "interoperation" rather than "conformance".
Section 3.2 uses "compatible", which is more appropriate.

### Section 3

I am far from being an HTTP expert, but can CDNs/proxies also set cookies? It
does not seem so when reading `a way for an origin server to send state`; if
so, then I suggest adding text clarifying whether CDNs/proxies can also Set-Cookie.

### Section 3.1

As there is some text about deleting a cookie by sending an Expires date in the
past, the choice of `09 Jun 2021` for a valid cookie does not seem correct
in 2025 ;-) I suggest adding some text to the 'valid' example stating that the
request is sent in May 2021, or something similar.

### Section 4.1.2.7

To be honest and probably because I am not an HTTP expert, I was unable to
understand the specification of SameSite...

### Sections 4.2 and 4.1

Suggest adding "HTTP Header" to the section title, especially for section 4.2,
as I first read it as a section about cookies and not about the Cookie
header.

### Section 5.2.1

Who is the "We" in `We'll define this origin,`? The authors? The HTTPBIS WG?
The IETF? Please refrain from using the ambiguous "we"; this also applies in
other places.

### Section 5.3

What are the consequences of bypassing the "SHOULD" in this section? This also
applies to many SHOULDs (e.g., section 6.1); "recommended" may be more
appropriate.

### Section 5.5

Any justification for the 400 days? Also, please explain the consequences of
bypassing the "SHOULD".

### Section 9.3

Good idea to create such a registry for easier extensions.
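The two lifetime points raised above (Section 3.1: a fixed `09 Jun 2021` Expires date reads as a deletion once the current date has passed it; Section 5.5: the 400-day cap) can be made concrete with a small user-agent-side model. The following is an added example written for this archive page; it is neither code from the draft nor anything the reviewer or the HTTPBIS WG published. It applies the Max-Age-over-Expires precedence of RFC 6265 section 5.3, ignores a malformed Max-Age or an unparseable Expires as that RFC requires, and clamps any lifetime longer than 400 days to 400 days as the draft's section 5.5 text (quoted in the review) describes. The `MAX_LIFETIME` constant, the `DISTANT_PAST` sentinel, the function names and the sample header values (which reuse the 09 Jun 2021 date the review mentions) are all assumptions constructed for this example.

```python
# Added example (not code from the draft or from the review): a toy
# user-agent model of cookie lifetime handling. It shows why an absolute
# Expires date becomes a deletion once "now" passes it, and how the 400-day
# cap from section 5.5 of the draft clamps long-lived cookies.
# All header values and the MAY_2021/FEB_2025 clock values are constructed.
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = timedelta(days=400)   # cap named in section 5.5 (assumed constant name)
DISTANT_PAST = datetime.min.replace(tzinfo=timezone.utc)  # sentinel: "already expired"

# Constructed sample input: the RFC 6265 style SID cookie with the date the review cites.
SID_COOKIE = "SID=31d4d96e407aad42; Path=/; Expires=Wed, 09 Jun 2021 10:18:14 GMT"
MAY_2021 = datetime(2021, 5, 1, tzinfo=timezone.utc)   # when the example was "valid"
FEB_2025 = datetime(2025, 2, 17, tzinfo=timezone.utc)  # the date of this review


def parse_set_cookie(header: str):
    """Split a Set-Cookie value into (name, value, {attr-name: attr-value}).
    Attribute names are matched case-insensitively; a bare attribute maps to ''."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def compute_expiry(attrs: dict, now: datetime):
    """Return (persistent, expiry_time) as a user agent would compute it.

    Max-Age takes precedence over Expires (RFC 6265 section 5.3). A
    non-positive Max-Age, or an Expires date already in the past, yields an
    expiry in the past, which is how a server deletes a cookie. Neither
    attribute means a session cookie. Lifetimes beyond MAX_LIFETIME are
    clamped to now + MAX_LIFETIME (section 5.5 of the draft)."""
    expiry = None
    if "max-age" in attrs:
        raw = attrs["max-age"]
        digits = raw[1:] if raw.startswith("-") else raw
        # RFC 6265 section 5.2.2: anything but an optional '-' and digits is ignored
        if digits.isascii() and digits.isdigit():
            delta = int(raw)
            expiry = DISTANT_PAST if delta <= 0 else now + timedelta(seconds=delta)
    if expiry is None and "expires" in attrs:
        try:
            expiry = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            expiry = None  # unparseable date: the attribute is ignored
        else:
            if expiry.tzinfo is None:
                expiry = expiry.replace(tzinfo=timezone.utc)
    if expiry is None:
        return False, None  # session cookie
    if expiry - now > MAX_LIFETIME:
        expiry = now + MAX_LIFETIME  # section 5.5 clamp
    return True, expiry


def cookie_status(header: str, now: datetime) -> str:
    """Classify a Set-Cookie header as 'session', 'persistent' or 'expired'
    relative to the clock value `now`."""
    _, _, attrs = parse_set_cookie(header)
    persistent, expiry = compute_expiry(attrs, now)
    if not persistent:
        return "session"
    return "expired" if expiry <= now else "persistent"


if __name__ == "__main__":
    # The same header is a live cookie in May 2021 and a deletion in Feb 2025.
    print("May 2021:", cookie_status(SID_COOKIE, MAY_2021))
    print("Feb 2025:", cookie_status(SID_COOKIE, FEB_2025))
    # A two-year Expires is clamped to 400 days from "now".
    _, capped = compute_expiry({"expires": "Wed, 09 Jun 2027 10:18:14 GMT"}, FEB_2025)
    print("capped lifetime (days):", (capped - FEB_2025).days)
```

Running the block with no arguments prints the classification of the SID header under both clock values and the clamped lifetime; the point for the draft's example is that nothing in the header itself says which clock the reader should assume, which is why the review asks for a sentence pinning the request to May 2021.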