Re: Last Call: RFC 2818 (HTTP Over TLS) to Proposed Standard

Alexey Melnikov <> Sun, 10 June 2012 17:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C328321F85A3 for <>; Sun, 10 Jun 2012 10:39:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -103.159
X-Spam-Status: No, score=-103.159 tagged_above=-999 required=5 tests=[AWL=-3.444, BAYES_05=-1.11, MIME_QP_LONG_LINE=1.396, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fqZ9LVQfo-4b for <>; Sun, 10 Jun 2012 10:39:11 -0700 (PDT)
Received: from ( [IPv6:2a00:14f0:e000:7c::2]) by (Postfix) with ESMTP id D35A321F858E for <>; Sun, 10 Jun 2012 10:39:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1339349949;; s=selector;; bh=O/xZwHVglml6piyTcChuGI4oBaNed444RmEDrqJh548=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=Jkav8NO+MNgtLphbb0bhdqktU406CLXLAgjonnRVE7Edks/7TB/u/Dx9hzm9FPXRU7p8wd XdZfIwm1H2i9Gn+SLrV45AhxKxl/kUGAAdvbxu/vDllg19gCOB9bQyreSGW2QyZcQP+ByE QkKVvSLv7mXMZMAVM8Z8tKiSBCnWY3w=;
Received: from [] ( []) by (submission channel) via TCP with ESMTPSA id <>; Sun, 10 Jun 2012 18:39:08 +0100
Subject: Re: Last Call: RFC 2818 (HTTP Over TLS) to Proposed Standard
References: <> <>
From: Alexey Melnikov <>
X-Mailer: iPad Mail (9B206)
In-Reply-To: <>
Message-Id: <>
Date: Sun, 10 Jun 2012 18:39:05 +0100
To: SM <>, "" <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 10 Jun 2012 17:39:11 -0000

Adding to what SM already wrote (and yes, I've reread the whole document):

On 1 Jun 2012, at 21:23, SM <> wrote:

> At 09:42 01-06-2012, IESG Secretary wrote:
>> The IESG has received a request from the TLS Working Group to reclassify RFC 2818 (HTTP Over TLS) to Proposed Standard.
>> The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf at mailing lists by
> Could the IESG please use instead of obfuscating the email address?  Some of us are lazy especially on Fridays.
> Erratum #1077 has been classified as "Held for Document Update".  Will there ever be a document update?  Implementing this specification requires HTTP/1.1 and TLS 1.0.  I suggest updating the reference to RFC 4346 at least and waiting for the updated HTTP specifications.

Yes, it would be worth doing that if the document is reopened.

> St. Andre and Mr. Hodges authored a Proposed Standard called "Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)".  Quoting from Section 1.4:
>  "the procedures described here can be referenced by future
>   specifications, including updates to specifications for
>   existing application protocols if the relevant technology
>   communities agree to do so."
> May I suggest taking the above into consideration and at least put some minimal effort into a 2818bis?

Not surprisingly I agree with you.

Also note that HTTPBis WG has folded the updated definition of https:// URI schemes (Section 2.4 of RFC 2818) into one of its documents. I think it would be good to make it clear to readers which document defines the URI scheme.

As far as reopening the document is concerned: I slightly prefer to do rfc2818bis although I understand that doing a -bis always takes longer than originally anticipated.