Secdir last call review of draft-ietf-httpbis-binary-message-04
Daniel Migault via Datatracker <noreply@ietf.org> Wed, 01 June 2022 14:01 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48E8DC14F72E for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 1 Jun 2022 07:01:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.66
X-Spam-Level:
X-Spam-Status: No, score=-7.66 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LbiuWdVqMJ-V for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 1 Jun 2022 07:01:20 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63591C14F718 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 1 Jun 2022 07:01:19 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1nwOsE-0005t1-EA for ietf-http-wg-dist@listhub.w3.org; Wed, 01 Jun 2022 13:58:58 +0000
Resent-Date: Wed, 01 Jun 2022 13:58:58 +0000
Resent-Message-Id: <E1nwOsE-0005t1-EA@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <noreply@ietf.org>) id 1nwOsC-0005s8-UP for ietf-http-wg@listhub.w3.org; Wed, 01 Jun 2022 13:58:56 +0000
Received: from mail.ietf.org ([50.223.129.194]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <noreply@ietf.org>) id 1nwOsA-0000w9-Sv for ietf-http-wg@w3.org; Wed, 01 Jun 2022 13:58:56 +0000
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 828F0C14F738; Wed, 1 Jun 2022 06:58:43 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Daniel Migault via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-httpbis-binary-message.all@ietf.org, ietf-http-wg@w3.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 8.3.1
Auto-Submitted: auto-generated
Message-ID: <165409192352.14846.17921142823025268323@ietfa.amsl.com>
Reply-To: Daniel Migault <daniel.migault@ericsson.com>
Date: Wed, 01 Jun 2022 06:58:43 -0700
Received-SPF: pass client-ip=50.223.129.194; envelope-from=noreply@ietf.org; helo=mail.ietf.org
X-W3C-Hub-Spam-Status: No, score=-6.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1nwOsA-0000w9-Sv d62a48254444650293a604089f9ebb30
X-Original-To: ietf-http-wg@w3.org
Subject: Secdir last call review of draft-ietf-httpbis-binary-message-04
Archived-At: <https://www.w3.org/mid/165409192352.14846.17921142823025268323@ietfa.amsl.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40059
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Reviewer: Daniel Migault Review result: Ready Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last-call comments. abstract: """ As such, this format is unlikely to be suitable for applications that depend on an exact recording of the encoding of messages.""" I am wondering what it actually means. Typically, I do not see much differences between the content provided by bmessage and message. For my own information, in case a response is compressed I am wondering if the compression would occur "over" the bmessage or if the bmessage would include the compressed content. Section 3. I have the impression item 2 of the list could be more consistent with the other items that is starting with 2. interim response. By the way wouldn't informational response more appropriated ? Section 4 This document describes a number of ways that a message can be invalid. Invalid messages MUST NOT be processed except to log an error and produce an error response. The message seems to be at least processed to determined it is invalid. I believe what we are trying to say here is that the message must not be passed to the application or must be discarded as soon as it is detected to be invalid.
- Secdir last call review of draft-ietf-httpbis-bin… Daniel Migault via Datatracker
- Re: Secdir last call review of draft-ietf-httpbis… Martin Thomson