[Jmap] Benjamin Kaduk's No Objection on draft-ietf-jmap-websocket-05: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Tue, 18 February 2020 00:23 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: jmap@ietf.org
Delivered-To: jmap@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D539E12002E; Mon, 17 Feb 2020 16:23:57 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-jmap-websocket@ietf.org, Jim Fenton <fenton@bluepopcorn.net>, jmap-chairs@ietf.org, fenton@bluepopcorn.net, jmap@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.117.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <158198543786.24029.15031679428277039203.idtracker@ietfa.amsl.com>
Date: Mon, 17 Feb 2020 16:23:57 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/gbtdAUMr3JzERImbCBgMSg_mztI>
Subject: [Jmap] Benjamin Kaduk's No Objection on draft-ietf-jmap-websocket-05: (with COMMENT)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.29
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Feb 2020 00:23:58 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-jmap-websocket-05: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-jmap-websocket/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for addressing my discuss points (and comments!) on the -04! I do want to have a bit more discussion in light of the late-breaking secdir review, though. Specifically, RFC 6455's security considerations have significant discussion of the web's "Origin" concept and how it applies both in the case of trusted browsers running untrusted javascript, and potentially untrusted native applications. I did not see any follow-up discussion in response to the secdir reviewer's comments, and wonder if we need to say anything about the relationship between the Origin of the JMAP API endpoint and the websocket endpoint. I'd also like to have a bit of discussion about the risks of compression, which I mentioned in my comments on the -04 but don't remember seeing any follow-up on. Section 4.3.1 What's the difference between an unsupported JMAP vs. unsupported JSON object? E.g., what would make something "well-formed JMAP" but still unsupported? Section 5 It's best to refer to RFC 7525 as BCP 195, to incorporate any future updates.
- [Jmap] Benjamin Kaduk's No Objection on draft-iet… Benjamin Kaduk via Datatracker