Re: [Privacy-pass] Httpdir last call review of draft-ietf-privacypass-protocol-12
Tommy Pauly <tpauly@apple.com> Tue, 12 September 2023 20:49 UTC
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <tpauly@apple.com>) id 1qgAFo-0004Wz-E0 for ietf-http-wg@listhub.w3.org; Tue, 12 Sep 2023 20:49:46 +0000
Received: from ma-mailsvcp-mx-lapp01.apple.com ([17.32.222.22]) by mimas.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <tpauly@apple.com>) id 1qgAKN-00Erh3-Rk for ietf-http-wg@w3.org; Tue, 12 Sep 2023 20:49:45 +0000
Received: from rn-mailsvcp-mta-lapp04.rno.apple.com (rn-mailsvcp-mta-lapp04.rno.apple.com [10.225.203.152]) by ma-mailsvcp-mx-lapp01.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S0W00V1L4IAZL30@ma-mailsvcp-mx-lapp01.apple.com> for ietf-http-wg@w3.org; Tue, 12 Sep 2023 13:49:33 -0700 (PDT)
X-Proofpoint-ORIG-GUID: NFn_KlzTXyJpck5MqQBSUU1SqJfloYjU
X-Proofpoint-GUID: NFn_KlzTXyJpck5MqQBSUU1SqJfloYjU
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.601,18.0.957 definitions=2023-09-12_19:2023-09-05,2023-09-12 signatures=0
X-Proofpoint-Spam-Details: rule=interactive_user_notspam policy=interactive_user score=0 mlxscore=0 phishscore=0 adultscore=0 mlxlogscore=999 spamscore=0 bulkscore=0 suspectscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2308100000 definitions=main-2309120175
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=Px1VsN93/i2s1y5Xu34WwHrzwdLS+B4cVC5GzaXaf6w=; b=hpEV+JlRcjo1yQ5ephzRRJRNZpxFIOuVC6ZECPRG478aYzvL4iUTYb4M4pC5CNzDwVmU ZSpUJtgcEEyzpmFr4V7/g6LJWG9MTJqRL8WbqRHoBriFEo/N4a0Bf+HkD4kKSR7rmdGX jPjqVboIKpo1AgzJyGDuS/YiFk5lWCGD7rL5esAIqAdQyIQ/D/ipugtyATZVPdFBAd3W xJwJYDexmSpD1Fy62O/PRpUebV8v2d1CS9BUgDkO2yy8uOkPqm/5NItWMs7AXOtvTTmC 2OEtbgMZCELQjvtSVWS4OUgsryWnKAY1qXTbnd85nGYd3pw7hsPsHLcZHbY+1HO0z9rI HQ==
Received: from rn-mailsvcp-mmp-lapp04.rno.apple.com (rn-mailsvcp-mmp-lapp04.rno.apple.com [17.179.253.17]) by rn-mailsvcp-mta-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S0W00N9L4IIINU0@rn-mailsvcp-mta-lapp04.rno.apple.com>; Tue, 12 Sep 2023 13:49:31 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp04.rno.apple.com by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) id <0S0W0090048UGX00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Tue, 12 Sep 2023 13:49:30 -0700 (PDT)
X-Va-A:
X-Va-T-CD: 1ea9fc21d4317491099989f2a1fdb838
X-Va-E-CD: d16a74b81ee6c43392e56effa723cfc7
X-Va-R-CD: b14fb2c81d87140ce73ba34002a38556
X-Va-ID: 90659e46-37f4-4652-90bc-7243b056ceef
X-Va-CD: 0
X-V-A:
X-V-T-CD: 1ea9fc21d4317491099989f2a1fdb838
X-V-E-CD: d16a74b81ee6c43392e56effa723cfc7
X-V-R-CD: b14fb2c81d87140ce73ba34002a38556
X-V-ID: f60cc2b5-4e1a-432b-9e4e-38eba796cde5
X-V-CD: 0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.601,18.0.957 definitions=2023-09-12_19:2023-09-05,2023-09-12 signatures=0
Received: from smtpclient.apple ([17.11.216.241]) by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPSA id <0S0W00JY24II6Y00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Tue, 12 Sep 2023 13:49:30 -0700 (PDT)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <51A4E634-C7A2-48C2-A0BE-3DB5460F52C1@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_6F8C9345-745B-4F60-B8BF-502FE6623905"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\))
Date: Tue, 12 Sep 2023 13:49:20 -0700
In-reply-to: <169345403996.812.3096903782580737856@ietfa.amsl.com>
Cc: ietf-http-wg@w3.org, draft-ietf-privacypass-protocol.all@ietf.org, last-call@ietf.org, privacy-pass@ietf.org
To: Mark Nottingham <mnot@mnot.net>
References: <169345403996.812.3096903782580737856@ietfa.amsl.com>
X-Mailer: Apple Mail (2.3774.100.2.1.4)
Received-SPF: pass client-ip=17.32.222.22; envelope-from=tpauly@apple.com; helo=ma-mailsvcp-mx-lapp01.apple.com
X-W3C-Hub-DKIM-Status: validation passed: (address=tpauly@apple.com domain=apple.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-11.4
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1qgAKN-00Erh3-Rk 69eb66847cb99bc64ed36146fe94e0ec
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [Privacy-pass] Httpdir last call review of draft-ietf-privacypass-protocol-12
Archived-At: <https://www.w3.org/mid/51A4E634-C7A2-48C2-A0BE-3DB5460F52C1@apple.com>
To follow up here, Chris published a revision just now to address this: https://www.ietf.org/archive/id/draft-ietf-privacypass-protocol-13.html Best, Tommy > On Aug 30, 2023, at 8:53 PM, Mark Nottingham via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Mark Nottingham > Review result: Ready with Issues > > Reviewing purely from the perspective of how this document uses HTTP> > > * Given that 'This document describes the issuance protocol for Privacy Pass > built on [HTTP]', I suspect it should be a normative reference. > > * 'The Issuer directory and Issuer resources SHOULD be available on the same > domain.' Is "domain" a _hostname_, _origin_, or something else, e.g., using the > Public Suffix List? > > * 'Issuers SHOULD use HTTP caching to permit caching of this resource > [RFC5861].' Either 'SHOULD use HTTP cache directives...' or 'SHOULD permit > caching..'. > > * Examples use HTTP/2; the style guide recommends using HTTP/1.1 for all > examples except for those that are specific to a protocol version. See: > <https://httpwg.org/admin/editors/style-guide> > > * It's not necessary to specify Cache-Control on POST requests. > > * 'If any of these conditions is not met, the Issuer MUST return an HTTP 400 > error to the client.' > > - HTTP status codes should be spelled out; e.g., "400 (Bad Request)". > > - 422 (Unprocessable Content) might be a better status code to use here, > though -- 400 will be used by generic HTTP software for problems at that > layer, and so you won't be able to distinguish those problems from these more > specific ones. > > - Also, we generally encourage using SHOULD when specifying a status code > like this, so that clients don't form the view that they can depend on seeing > this status code in this situation (they can't; intermediary and other > software may change the status code). > > - Have you considered defining one or more HTTP problem types (RFC9457) to > provide more granularity and detail? > > > > -- > Privacy-pass mailing list > Privacy-pass@ietf.org > https://www.ietf.org/mailman/listinfo/privacy-pass
- Httpdir last call review of draft-ietf-privacypas… Mark Nottingham via Datatracker
- Re: [Privacy-pass] Httpdir last call review of dr… Tommy Pauly