IETF Logo Mail Archive

Re: #148: Reasonable Assurances and H2C

Martin Thomson <martin.thomson@gmail.com> Sat, 20 February 2016 02:40 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD2F01B36D3 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 19 Feb 2016 18:40:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.008
X-Spam-Level:
X-Spam-Status: No, score=-7.008 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.006, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I1yrkiGCojYl for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 19 Feb 2016 18:40:54 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF1CF1B2AD3 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 19 Feb 2016 18:40:54 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1aWxQm-0006B1-4c for ietf-http-wg-dist@listhub.w3.org; Sat, 20 Feb 2016 02:38:00 +0000
Resent-Date: Sat, 20 Feb 2016 02:38:00 +0000
Resent-Message-Id: <E1aWxQm-0006B1-4c@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1aWxQh-00068Q-Mh for ietf-http-wg@listhub.w3.org; Sat, 20 Feb 2016 02:37:55 +0000
Received: from mail-ig0-f182.google.com ([209.85.213.182]) by maggie.w3.org with esmtps (TLS1.2:RSA_ARCFOUR_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1aWxQf-0004nI-0t for ietf-http-wg@w3.org; Sat, 20 Feb 2016 02:37:54 +0000
Received: by mail-ig0-f182.google.com with SMTP id y8so52115222igp.0 for <ietf-http-wg@w3.org>; Fri, 19 Feb 2016 18:37:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=M1DSEUq7pNi6kE7q+AxFWQD7AauUehPVVjyDDbrjneU=; b=qrtxwI5hGy9LvIWnlGfG2g4IjRBR1i0vA8VwCocFXuiSHX9XqJRuJcqmlZRMkjdhv9 mslO0Q697/quR82fufLHrrzMYYWFmMw8WL8OF2U7Gc3ZaP/x3pd2aOEu5rUYCe1gJ35M lq6/r/LFAbjxgzT6U0rcuY7XyS7iSv1/QTveaOFKPw5G8JMgqgVb3lYbKdky5FSZVCQA IRpi4PDQKpct8wNg1zTs43d85PjNdmtGWHfJWtkdY5Kpk5wobdWPUU+7XvnCABR154v6 mjw7wQ2M9zVbCiXx/UP8I+2PlIaElGZ9hdvr1H6xCcThd8isYdCXpmn8NuoBJTifnqr9 NBPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=M1DSEUq7pNi6kE7q+AxFWQD7AauUehPVVjyDDbrjneU=; b=cQsJEZXrAzT7O+ClNhKhRtZfN4K39df2u3VVoqnclIknz0pnnPIcvXGsx/e+laIlwP AQOFtk2tqI4lZL5TEuKFhtbpSErk+Zh8lU2k1dck2lPyjIdlVqRAolo9DYxO8dD44cJk nAnpNnPFVRzeHoF1V8EM/b61W0pf2DxNIcQh4l+5sR7r0tUh2YcmXzUFHBA7Ijp9brz5 dspawCPhrk//B1sCkPaC6JidLY/T+EvLGLK9ZkoM/82RkoR/eeo41IxrV8gXlZvgLhHG GOLmlmJOna/nmjACQGaHOZcSPq8PTLdINQalrxfcjuFMlpzK3xvn2T8lTsiDS/CIe3b+ xx3Q==
X-Gm-Message-State: AG10YOQnLJgHQ0H1p4wAHHU9ttBU1hTDF0NdIr7CWDoLRS3l4k9dqWlZtiqc4HAOU/qmJ3c3HaFGE0dWfc3Zug==
MIME-Version: 1.0
X-Received: by 10.50.20.129 with SMTP id n1mr246385ige.77.1455935846769; Fri, 19 Feb 2016 18:37:26 -0800 (PST)
Received: by 10.36.53.79 with HTTP; Fri, 19 Feb 2016 18:37:26 -0800 (PST)
In-Reply-To: <C2145C5A-0255-43F9-A44A-F6C7974CDD4C@mnot.net>
References: <20160209074851.32332.24065.idtracker@ietfa.amsl.com> <20160209182822.C37A959F@welho-filter2.welho.com> <B7164F24-DDA1-4753-8A8B-04809B1965FF@mnot.net> <CAC4RtVCCExJNE0y8480vC1W56NP4XhzfvLs+ASh1Qy-UcDPBNw@mail.gmail.com> <C2145C5A-0255-43F9-A44A-F6C7974CDD4C@mnot.net>
Date: Fri, 19 Feb 2016 18:37:26 -0800
Message-ID: <CABkgnnW3-c1qaC_N2UP5TLnPS0rrOYjOYFb4nhUzfQ_8AFsTJA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP WG <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.213.182; envelope-from=martin.thomson@gmail.com; helo=mail-ig0-f182.google.com
X-W3C-Hub-Spam-Status: No, score=-7.9
X-W3C-Hub-Spam-Report: AWL=1.832, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1aWxQf-0004nI-0t a1d5f746b37f05e67e43d1074e052e6f
X-Original-To: ietf-http-wg@w3.org
Subject: Re: #148: Reasonable Assurances and H2C
Archived-At: <http://www.w3.org/mid/CABkgnnW3-c1qaC_N2UP5TLnPS0rrOYjOYFb4nhUzfQ_8AFsTJA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31080
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 19 February 2016 at 18:16, Mark Nottingham <mnot@mnot.net> wrote:
> The remaining question (3 in the issue) is whether we should firm up the definition of "reasonable assurances" to require another way of achieving that to be documented in an RFC that updates this one.
>
> Mike B has already supported this approach; what do others think?

I think that it's a fine approach.

Are we simply going to reference RFC 2818 in defining "reasonable
assurances"?  Maybe with a "Assurances that are considered reasonable
might include the certificate checks defined in RFC 2818, though
additional or alternative checks might be used by clients."

v2.30.2 | Report a Bug | By Email | System Status