Re: Roman Danyliw's No Objection on draft-ietf-httpbis-digest-headers-12: (with COMMENT)

Lucas Pardue <lucaspardue.24.7@gmail.com> Wed, 24 May 2023 16:38 UTC

From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Wed, 24 May 2023 17:38:01 +0100
Message-ID: <CALGR9oasysmgJGNt+kt4RX2A_ivn5zxNiv48ronjQxqHf0F5zw@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-httpbis-digest-headers@ietf.org" <draft-ietf-httpbis-digest-headers@ietf.org>, "httpbis-chairs@ietf.org" <httpbis-chairs@ietf.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "mnot@mnot.net" <mnot@mnot.net>
Subject: Re: Roman Danyliw's No Objection on draft-ietf-httpbis-digest-headers-12: (with COMMENT)
Archived-At: <https://www.w3.org/mid/CALGR9oasysmgJGNt+kt4RX2A_ivn5zxNiv48ronjQxqHf0F5zw@mail.gmail.com>

Hi Roman,

Snipping for clarity

On Wed, May 24, 2023 at 2:36 PM Roman Danyliw <rdd@cert.org> wrote:

>
>
> [Roman] That’s a key point about no validation practices are being
> standardized.  My confusion is that “This allows the recipient to choose
> which hashing algorithm(s) to use for validation instead of verifying every
> digest” hints at validation practices.  I would recommend something more
> concrete on where local policy might be applied.  Roughly:
>
>
>
> OLD
>
> A recipient MAY ignore any or all digests. This allows the recipient to
> choose which hashing algorithm(s) to use for validation instead of
> verifying every digest.
>
>
>
> NEW
>
> A recipient MAY ignore any or all digests.  Application-specific behavior
> or local policy MAY set additional constraints on the processing and
> validation practices of the conveyed digests.
>

Thanks for the concrete suggestion (pun intended). I think this is pretty
good. I've opened an issue
(https://github.com/httpwg/http-extensions/issues/2557) to let us track the
matter and a related PR that tweaks your suggestion a little. I've raised
it with the HTTP WG just in case they have any suggestions or comments.
Modulo that we'll incorporate it into a future revision of the document.

Cheers,
Lucas
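
An added illustration, not part of this thread or of the draft: one way a recipient could apply local policy to the digests conveyed in a `Content-Digest` field, validating only the algorithms it accepts and ignoring the rest. The policy table, the verdict strings, the `require_one` switch and the simplified dictionary parser (no parameters, no full Structured Fields handling) are assumptions made for the example.

```python
import base64
import hashlib
import hmac

# Local policy (assumed for this example): the algorithms this recipient validates.
POLICY = {"sha-256": hashlib.sha256, "sha-512": hashlib.sha512}

def parse_content_digest(value):
    """Parse 'alg=:base64:, alg=:base64:' into {alg: raw digest bytes}."""
    digests = {}
    for member in value.split(","):
        key, sep, item = member.strip().partition("=")
        well_formed = len(item) >= 2 and item.startswith(":") and item.endswith(":")
        if not sep or not well_formed:
            raise ValueError("malformed member: %r" % member)
        digests[key] = base64.b64decode(item[1:-1], validate=True)
    return digests

def validate(content, header_value, policy=POLICY, require_one=True):
    """Return (verdict, algorithms_checked) for the conveyed digests."""
    checked = []
    for alg, expected in parse_content_digest(header_value).items():
        if alg not in policy:
            continue  # outside local policy: this digest is ignored
        checked.append(alg)
        actual = policy[alg](content).digest()
        if not hmac.compare_digest(actual, expected):
            return ("mismatch", checked)
    if require_one and not checked:
        # Stricter application-specific constraint: at least one accepted digest.
        return ("no-acceptable-digest", checked)
    return ("ok", checked)

def member(alg, digest):
    """Serialize one dictionary member as alg=:base64:."""
    return "%s=:%s:" % (alg, base64.b64encode(digest).decode())

# Constructed sample content and field value (not taken from the thread).
BODY = b'{"hello": "world"}\n'
HEADER = ", ".join([
    member("md5", b"\x00" * 16),  # wrong value, but outside policy, so never checked
    member("sha-256", hashlib.sha256(BODY).digest()),
])

if __name__ == "__main__":
    print(validate(BODY, HEADER))
    print(validate(BODY + b"tampered", HEADER))
    print(validate(BODY, member("md5", b"\x00" * 16)))
```
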