Re: Ben Campbell's Yes on draft-ietf-httpbis-expect-ct-07: (with COMMENT)

Mark Nottingham <mnot@mnot.net> Wed, 12 September 2018 16:06 UTC

From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <153671839811.16757.7575392548000373864.idtracker@ietfa.amsl.com>
Date: Wed, 12 Sep 2018 09:03:37 -0700
Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-expect-ct@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <A65E3A2C-1F09-4BB0-9D86-2CD9EF4D4219@mnot.net>
References: <153671839811.16757.7575392548000373864.idtracker@ietfa.amsl.com>
To: Ben Campbell <ben@nostrum.com>
Subject: Re: Ben Campbell's Yes on draft-ietf-httpbis-expect-ct-07: (with COMMENT)
Archived-At: <https://www.w3.org/mid/A65E3A2C-1F09-4BB0-9D86-2CD9EF4D4219@mnot.net>

Hi Ben,

Just one comment -

> On 11 Sep 2018, at 7:13 pm, Ben Campbell <ben@nostrum.com> wrote:
> 
> Ben Campbell has entered the following ballot position for
> draft-ietf-httpbis-expect-ct-07: Yes
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thanks for this work. I'm balloting "Yes", but I have a few minor comments.
> 
> Substantive:
> 
> §2.1, step 6: Is there no room for local policy here?
> 
> §2.1.3: The guidance for max-age in the security considerations section
> suggests 30 days is a good value. But the directive is specified in seconds.
> Does that make sense? Would a 1 second max-age ever be reasonable? Or even 30
> days + 1 second?

Pretty much everything in HTTP is done at second granularity; deviating from that would be odd IMO.

Cheers,

> 
> Editorial:
> 
> - General: This uses a non-standard section order towards the end.
> Conventionally the last 2 sections should be security considerations and IANA
> considerations (although the order between those two varies.)
> 
> §2.2.2: The second sentence is about UA behavior. It seems like that belongs
> somewhere under §2.3.
> 
> §2.3: "SHALL be canonicalized"
> By the UA?  (The use of passive voice here obscures the actor.)
> 
> 

--
Mark Nottingham   https://www.mnot.net/
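The max-age point discussed above (a directive specified in delta-seconds, with 30 days as the suggested value) in working code, as an added example that is not code from the draft or from either participant in this thread: a small parser for an Expect-CT header field value that reads max-age as an unsigned integer number of seconds and flags the boundary cases raised in the comment (one second, 30 days plus one second). The directive grammar (max-age, enforce, report-uri; case-insensitive names; token or quoted-string values) and the meaning of max-age=0 are assumptions taken from the Expect-CT specification rather than from this message; the 30-day figure comes from the thread, and the 60-second "suspiciously short" threshold is a constructed value for illustration.

```python
"""Parse an Expect-CT header field value and sanity-check its max-age.

Added example for the max-age discussion in this thread; it is not code from
the draft or from either participant. The directive grammar (max-age,
enforce, report-uri; case-insensitive names; token or quoted-string values)
and the meaning of max-age=0 are taken from the Expect-CT specification as
assumed here. The 30-day figure is the one the thread mentions; the 60-second
"suspiciously short" threshold is a constructed value for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# RFC 7230 token and quoted-string, as used for directive names and values.
_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
# One list element: name, optional "=" value, then a comma or end of string.
_DIRECTIVE = re.compile(rf"\s*({_TOKEN})(?:\s*=\s*({_QUOTED}|{_TOKEN}))?\s*(?:,|$)")
_SEPARATORS = re.compile(r"[\s,]*")

SECONDS_PER_DAY = 86400
RECOMMENDED_MAX_AGE = 30 * SECONDS_PER_DAY   # the 30 days discussed in the thread
SUSPICIOUSLY_SHORT = 60                      # constructed threshold, not from the spec


class ExpectCTError(ValueError):
    """Raised when the field value does not parse as Expect-CT directives."""


@dataclass
class ExpectCT:
    max_age: int                # delta-seconds, as the directive is specified
    enforce: bool
    report_uri: Optional[str]


def _unquote(raw: str) -> str:
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw


def parse_expect_ct(value: str) -> ExpectCT:
    seen = set()
    max_age: Optional[int] = None
    enforce = False
    report_uri: Optional[str] = None
    pos, end = 0, len(value)
    while pos < end:
        pos = _SEPARATORS.match(value, pos).end()   # tolerate empty list elements
        if pos >= end:
            break
        m = _DIRECTIVE.match(value, pos)
        if not m:
            raise ExpectCTError(f"malformed directive at offset {pos}")
        name, raw = m.group(1).lower(), m.group(2)
        if name in seen:
            raise ExpectCTError(f"directive {name!r} appears more than once")
        seen.add(name)
        if name == "max-age":
            if raw is None or not re.fullmatch(r"[0-9]+", _unquote(raw)):
                raise ExpectCTError("max-age requires an unsigned integer number of seconds")
            max_age = int(_unquote(raw))
        elif name == "enforce":
            if raw is not None:
                raise ExpectCTError("enforce is a valueless directive")
            enforce = True
        elif name == "report-uri":
            if raw is None:
                raise ExpectCTError("report-uri requires a value")
            report_uri = _unquote(raw)
        # Any other directive name is unrecognised and ignored.
        pos = m.end()
    if max_age is None:
        raise ExpectCTError("max-age directive is required")
    return ExpectCT(max_age=max_age, enforce=enforce, report_uri=report_uri)


def check_max_age(policy: ExpectCT) -> List[str]:
    """Return human-readable warnings about boundary max-age values."""
    warnings = []
    if policy.max_age == 0:
        warnings.append("max-age=0 tells the UA to stop treating the host as a Known Expect-CT Host")
    elif policy.max_age < SUSPICIOUSLY_SHORT:
        warnings.append(f"max-age={policy.max_age}s expires almost immediately and offers little protection")
    if policy.max_age > RECOMMENDED_MAX_AGE:
        over = policy.max_age - RECOMMENDED_MAX_AGE
        warnings.append(f"max-age exceeds the suggested 30 days by {over}s")
    return warnings


if __name__ == "__main__":
    # Constructed sample values: the thread's 30 days, one second, and 30 days plus one second.
    for header in ("max-age=2592000, enforce", "max-age=1", "max-age=2592001"):
        p = parse_expect_ct(header)
        print(header, "->", p, check_max_age(p))
```

Because the value is a plain second count, an operator who wants "30 days" writes 2592000, and a stray extra second shows up as exactly that in the parsed value; the warnings are policy hints layered on top of the grammar, not part of the header syntax itself.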