[Errata Rejected] RFC7838 (6481)
RFC Errata System <rfc-editor@rfc-editor.org> Mon, 15 March 2021 11:15 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BB1B3A0CD5 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 15 Mar 2021 04:15:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.67
X-Spam-Level:
X-Spam-Status: No, score=-1.67 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, CTE_8BIT_MISMATCH=1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id svWv-9xKH0Fz for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 15 Mar 2021 04:15:41 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0B003A0CA0 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 15 Mar 2021 04:15:40 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1lLl9r-0001q9-VV for ietf-http-wg-dist@listhub.w3.org; Mon, 15 Mar 2021 11:13:12 +0000
Resent-Date: Mon, 15 Mar 2021 11:13:11 +0000
Resent-Message-Id: <E1lLl9r-0001q9-VV@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <wwwrun@rfc-editor.org>) id 1lLl9q-0001pR-WA for ietf-http-wg@listhub.w3.org; Mon, 15 Mar 2021 11:13:11 +0000
Received: from rfc-editor.org ([4.31.198.49]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <wwwrun@rfc-editor.org>) id 1lLl9o-0004Bx-ME for ietf-http-wg@w3.org; Mon, 15 Mar 2021 11:13:10 +0000
Received: by rfc-editor.org (Postfix, from userid 30) id 964B9F4075B; Mon, 15 Mar 2021 04:12:52 -0700 (PDT)
To: lucaspardue.24.7@gmail.com, mnot@mnot.net, mcmanus@ducksong.com, julian.reschke@greenbytes.de
X-PHP-Originating-Script: 1005:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: francesca.palombini@ericsson.com, iesg@ietf.org, ietf-http-wg@w3.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20210315111252.964B9F4075B@rfc-editor.org>
Date: Mon, 15 Mar 2021 04:12:52 -0700
Received-SPF: pass client-ip=4.31.198.49; envelope-from=wwwrun@rfc-editor.org; helo=rfc-editor.org
X-W3C-Hub-Spam-Status: No, score=-6.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, CTE_8BIT_MISMATCH=0.999, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1lLl9o-0004Bx-ME 4cae5bd4223532262cc9f36c8563d106
X-Original-To: ietf-http-wg@w3.org
Subject: [Errata Rejected] RFC7838 (6481)
Archived-At: <https://www.w3.org/mid/20210315111252.964B9F4075B@rfc-editor.org>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38638
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
The following errata report has been rejected for RFC7838, "HTTP Alternative Services". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid6481 -------------------------------------- Status: Rejected Type: Editorial Reported by: Lucas Pardue <lucaspardue.24.7@gmail.com> Date Reported: 2021-03-13 Rejected by: Francesca Palombini (IESG) Section: 2.4 Original Text ------------- Furthermore, if the connection to the alternative service fails or is unresponsive, the client MAY fall back to using the origin or another alternative service. Note, however, that this could be the basis of a downgrade attack, thus losing any enhanced security properties of the alternative service. Corrected Text -------------- ¯\_(ツ)_/¯ Notes ----- Alt-Svc fall back is described in section 2.4 and mentions security properties, so I was expecting to see something about fall back in the security considerations. This might be implicitly covered by Section 9.3 but it could potentially be made more clear. --VERIFIER NOTES-- General clarifications and request for improvements to the RFC in a possible future update of the document should be proposed using channels other than the errata process, such as the WG mailing list. -------------------------------------- RFC7838 (draft-ietf-httpbis-alt-svc-14) -------------------------------------- Title : HTTP Alternative Services Publication Date : April 2016 Author(s) : M. Nottingham, P. McManus, J. Reschke Category : PROPOSED STANDARD Source : HTTP Area : Applications and Real-Time Stream : IETF Verifying Party : IESG
- [Errata Rejected] RFC7838 (6481) RFC Errata System