Re: Fwd: SECDIR review of draft-ietf-httpbis-alt-svc-12
Julian Reschke <julian.reschke@gmx.de> Thu, 25 February 2016 12:50 UTC
To: Mark Nottingham <mnot@mnot.net>, HTTP WG <ietf-http-wg@w3.org>
From: Julian Reschke <julian.reschke@gmx.de>
Message-ID: <56CEF729.4010800@gmx.de>
Date: Thu, 25 Feb 2016 13:44:25 +0100
Archived-At: <http://www.w3.org/mid/56CEF729.4010800@gmx.de>

On 2016-02-22 18:45, Julian Reschke wrote:
> On 2016-02-22 00:43, Mark Nottingham wrote:
>> FYI; we got a secdir review of alt-svc, with some editorial issues.
>>
>>
>>> Begin forwarded message:
>>>
>>> From: Mark Nottingham <mnot@mnot.net>
>>> Subject: Re: SECDIR review of draft-ietf-httpbis-alt-svc-12
>>> Date: 22 February 2016 at 10:42:02 AM AEDT
>>> To: Chris Lonvick <lonvick.ietf@gmail.com>
>>> Cc: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org"
>>> <secdir@ietf.org>, draft-ietf-httpbis-alt-svc.all@tools.ietf.org
>>>
>>> Hi Chris,
>>>
>>> Thanks for the review. See:
>>> https://github.com/httpwg/http-extensions/commit/23d3b09374c077
>>> ...
>
>
> I'm not totally OK with all the edits, for instance we now have
> normative language in notes, and a lowercase "required" has sneaked in.
>
> Will review tomorrow.

OK, here we go. Below are the changes that IMHO need to be reviewed as they affect normative language:

> Section 2., paragraph 11:
> OLD:
>
> Alt-Svc MAY occur in any HTTP response message, regardless of the
> status code. Note that recipients of Alt-Svc are free to ignore the
> header field (and indeed need to in some situations; see Sections 2.1
> and 6).
>
> NEW:
>
> Alt-Svc MAY occur in any HTTP response message, regardless of the
> status code. Note that recipients of Alt-Svc MAY ignore the header
> field (and are required to in some situations; see Sections 2.1 and
> 6).

This should be reverted; the actual requirements are in Sections 2.1 and 6, and we should not have them in multiple places.

> Section 4., paragraph 2:
> OLD:
>
> The ALTSVC frame is a non-critical extension to HTTP/2. Endpoints
> that do not support this frame can safely ignore it.
>
> NEW:
>
> The ALTSVC frame is a non-critical extension to HTTP/2. Endpoints
> that do not support this frame MAY ignore it.

This is IMHO misleading as it is true for any unknown frame. It just follows from <http://greenbytes.de/tech/webdav/rfc7540.html#rfc.section.4.1>:

"Implementations MUST ignore and discard any frame that has a type that is unknown."

> Section 4., paragraph 13:
> OLD:
>
> The ALTSVC frame is intended for receipt by clients; a server that
> receives an ALTSVC frame can safely ignore it.
>
> NEW:
>
> The ALTSVC frame is intended for receipt by clients. A device acting
> as a server MUST ignore it.

I'm ok with this one (but wanted to highlight the new normative requirement).

Best regards, Julian