Re: AD review of draft-ietf-httpbis-expect-ct-07

Alexey Melnikov <alexey.melnikov@isode.com> Mon, 29 October 2018 10:52 UTC


Hi Emily,

> On 29 Oct 2018, at 02:53, Emily Stark <estark@google.com> wrote:
> 
> 
> 
>> On Wed, Sep 5, 2018 at 7:14 AM Alexey Melnikov <alexey.melnikov@isode.com> wrote:
>> Hi Emily,
>> Sorry for the slow response:
>> 
>> On 07/08/2018 20:38, Emily Stark wrote:
>> > Thanks for the feedback! I've addressed this
>> > in https://github.com/httpwg/http-extensions/commit/c2ae923f03a25432c145292b0ceda5f99f750e22,
>> > with a couple clarifications inline.
>> > 
>> > On Tue, Jul 31, 2018 at 6:06 AM Alexey Melnikov
>> > <alexey.melnikov@isode.com <mailto:alexey.melnikov@isode.com>> wrote:
>> > 
>> >     Hi,
>> > 
>> >     The document is well written, but I have a short list of issues I
>> >     would like to discuss:
>> > 
>> >     2.1.  Response Header Field Syntax
>> > 
>> >        Expect-CT           = #expect-ct-directive
>> >        expect-ct-directive = directive-name [ "=" directive-value ]
>> >        directive-name      = token
>> >        directive-value     = token / quoted-string
>> > 
>> >                   Figure 1: Syntax of the Expect-CT header field
>> > 
>> >        Optional white space ("OWS") is used as defined in Section 3.2.3 of
>> > 
>> >     I don't see "OWS" used above. Should it be used around the "="
>> >     character?
>> > 
>> >     It looks like you've copied syntax from RFC 6797, which used old
>> >     HTTP ABNF with "implied *LWS" rule.
>> >     So you need to update it to explicitly insert OWS. (It is already a
>> >     part of #expect-ct-directive construct though.)
>> > 
>> > This was leftover from mashing up RFC 6797 and 7469, and I think it's
>> > actually just not needed at all anymore (no OWS is intended around the "=").
>> 
>> Ok with me, as long as the WG is happy with this.
>> > 
>> >     2.1.1.  The report-uri Directive
>> > 
>> >     The first mention of HSTS in Section 2.1.1 needs a reference to
>> >     [RFC6797].
>> > 
>> > 
>> >        UAs SHOULD limit the rate at which they send reports.  For example,
>> >        it is unnecessary to send the same report to the same "report-uri"
>> >        more than once.
>> > 
>> >     "More than once" in which period? Ever? I think you need to
>> >     elaborate/clarify here.
>> > 
>> > 
>> >     In Section 3.1:
>> > 
>> >          *  The "serialized_sct" key, with a string value.  If the value of
>> >              the "version" key is "1", the UA MUST set this value to the
>> >              base64 encoded [RFC4648] serialized
>> > 
>> >     Which base64 alphabet? There is one in section 4 and another one in
>> >     section 5 of that RFC.
>> > 
>> > Is this really needed? Happy to include it for clarity's sake, but
>> > Section 5 of RFC 4648 already says:
>> > 
>> > This encoding may be referred to as "base64url".  This encoding
>> > should not be regarded as the same as the "base64" encoding and
>> > should not be referred to as only "base64".  Unless clarified
>> > otherwise, "base64" refers to the base 64 in the previous section.
>> 
>> I prefer to be explicit, as there is a big variety of things in use.
>> 
> 
> Sure -- addressed in https://github.com/httpwg/http-extensions/commit/94f47313b45538548830fcf253ed6e70eb1fbe97. I'll publish a new version after addressing some more review comments.

Sounds good. You might be unable to post new drafts before next Monday (pre-IETF meeting draft posting blackout), but I can authorise an exception. If you want to post a new draft before Monday, send me .txt/.xml.
>  
>> 
>> Please post a new version at your convenience and I will ask IESG to
>> review it.
>> 
>> Best Regards,
>> Alexey
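
The syntax point discussed in this thread, as an added example that is not part of the original messages or of the draft: a recipient-side parser for the Figure 1 grammar that accepts OWS only around the list commas and rejects it around "=". The function names and the sample header values are constructed for illustration; `token` and `quoted-string` follow RFC 7230 without obs-text.

```python
import re

# token and quoted-string as in RFC 7230 (obs-text left out for brevity).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[\t !#-\[\]-~]|\\[\t -~])*"'
# expect-ct-directive = directive-name [ "=" directive-value ], no OWS around "=".
DIRECTIVE = re.compile(rf"({TOKEN})(?:=({TOKEN}|{QUOTED}))?")


def split_list(value):
    """Split a #rule list on commas that sit outside quoted-strings."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif in_quotes and ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return parts


def parse_expect_ct(value):
    """Return [(directive-name, directive-value or None), ...] for one field value."""
    directives = []
    for element in split_list(value):
        element = element.strip(" \t")  # OWS belongs to the list construct only
        if not element:
            continue  # recipients of a #rule list ignore empty elements
        match = DIRECTIVE.fullmatch(element)
        if match is None:
            raise ValueError(f"malformed directive: {element!r}")
        name, val = match.group(1), match.group(2)
        if val is not None and val.startswith('"'):
            val = re.sub(r"\\(.)", r"\1", val[1:-1])  # undo quoted-pair escapes
        directives.append((name, val))
    return directives


if __name__ == "__main__":
    # Constructed sample field value.
    print(parse_expect_ct('max-age=86400, enforce, report-uri="https://example.test/r"'))
```

A value such as `max-age = 86400` raises `ValueError` here, which is the behaviour the "no OWS is intended around the =" reading implies for a strict recipient.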
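
The base64 alphabet question raised in this thread, as an added example that is not part of the original messages or of the draft: the same bytes encode differently under RFC 4648 Section 4 and Section 5, and a report consumer that decodes leniently can lose data without noticing. It assumes the "serialized_sct" value uses the Section 4 alphabet, as the quoted RFC 4648 text implies; the function names and sample bytes are constructed.

```python
import base64
import binascii

# Constructed sample bytes (not a real SCT), chosen so the two alphabets differ.
RAW = bytes.fromhex("fbffbe0001fb")


def encode_serialized_sct(raw: bytes) -> str:
    """Encode with the RFC 4648 Section 4 alphabet ('+' and '/')."""
    return base64.b64encode(raw).decode("ascii")


def decode_serialized_sct(value: str) -> bytes:
    """Strict Section 4 decode: any character outside the alphabet is an error."""
    try:
        return base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not RFC 4648 Section 4 base64: {exc}") from exc


def lenient_decode(value: str):
    """Default stdlib decode, shown for contrast; returns None on a decode error."""
    try:
        return base64.b64decode(value)
    except binascii.Error:
        return None


STANDARD = encode_serialized_sct(RAW)                       # "+/++AAH7"
BASE64URL = base64.urlsafe_b64encode(RAW).decode("ascii")   # "-_--AAH7"

if __name__ == "__main__":
    print("section 4:", STANDARD, "section 5:", BASE64URL)
    print("strict round trip ok:", decode_serialized_sct(STANDARD) == RAW)
    # The non-validating mode discards characters outside the Section 4
    # alphabet, so a base64url input does not come back as the original bytes.
    print("lenient decode of base64url:", lenient_decode(BASE64URL))
```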