Re: [Last-Call] [Privacy-pass] Httpdir last call review of draft-ietf-privacypass-protocol-12
Tommy Pauly <tpauly@apple.com> Tue, 12 September 2023 20:49 UTC
Return-Path: <tpauly@apple.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 753D4C15199B for <last-call@ietfa.amsl.com>; Tue, 12 Sep 2023 13:49:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.406
X-Spam-Level:
X-Spam-Status: No, score=-4.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i4rCBVNNnftZ for <last-call@ietfa.amsl.com>; Tue, 12 Sep 2023 13:49:40 -0700 (PDT)
Received: from ma-mailsvcp-mx-lapp01.apple.com (ma-mailsvcp-mx-lapp01.apple.com [17.32.222.22]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73115C1527BC for <last-call@ietf.org>; Tue, 12 Sep 2023 13:49:40 -0700 (PDT)
Received: from rn-mailsvcp-mta-lapp04.rno.apple.com (rn-mailsvcp-mta-lapp04.rno.apple.com [10.225.203.152]) by ma-mailsvcp-mx-lapp01.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S0W00V1L4IAZL30@ma-mailsvcp-mx-lapp01.apple.com> for last-call@ietf.org; Tue, 12 Sep 2023 13:49:33 -0700 (PDT)
X-Proofpoint-ORIG-GUID: NFn_KlzTXyJpck5MqQBSUU1SqJfloYjU
X-Proofpoint-GUID: NFn_KlzTXyJpck5MqQBSUU1SqJfloYjU
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.601, 18.0.957 definitions=2023-09-12_19:2023-09-05, 2023-09-12 signatures=0
X-Proofpoint-Spam-Details: rule=interactive_user_notspam policy=interactive_user score=0 mlxscore=0 phishscore=0 adultscore=0 mlxlogscore=999 spamscore=0 bulkscore=0 suspectscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2308100000 definitions=main-2309120175
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=Px1VsN93/i2s1y5Xu34WwHrzwdLS+B4cVC5GzaXaf6w=; b=hpEV+JlRcjo1yQ5ephzRRJRNZpxFIOuVC6ZECPRG478aYzvL4iUTYb4M4pC5CNzDwVmU ZSpUJtgcEEyzpmFr4V7/g6LJWG9MTJqRL8WbqRHoBriFEo/N4a0Bf+HkD4kKSR7rmdGX jPjqVboIKpo1AgzJyGDuS/YiFk5lWCGD7rL5esAIqAdQyIQ/D/ipugtyATZVPdFBAd3W xJwJYDexmSpD1Fy62O/PRpUebV8v2d1CS9BUgDkO2yy8uOkPqm/5NItWMs7AXOtvTTmC 2OEtbgMZCELQjvtSVWS4OUgsryWnKAY1qXTbnd85nGYd3pw7hsPsHLcZHbY+1HO0z9rI HQ==
Received: from rn-mailsvcp-mmp-lapp04.rno.apple.com (rn-mailsvcp-mmp-lapp04.rno.apple.com [17.179.253.17]) by rn-mailsvcp-mta-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S0W00N9L4IIINU0@rn-mailsvcp-mta-lapp04.rno.apple.com>; Tue, 12 Sep 2023 13:49:31 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp04.rno.apple.com by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) id <0S0W0090048UGX00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Tue, 12 Sep 2023 13:49:30 -0700 (PDT)
X-Va-A:
X-Va-T-CD: 1ea9fc21d4317491099989f2a1fdb838
X-Va-E-CD: d16a74b81ee6c43392e56effa723cfc7
X-Va-R-CD: b14fb2c81d87140ce73ba34002a38556
X-Va-ID: 90659e46-37f4-4652-90bc-7243b056ceef
X-Va-CD: 0
X-V-A:
X-V-T-CD: 1ea9fc21d4317491099989f2a1fdb838
X-V-E-CD: d16a74b81ee6c43392e56effa723cfc7
X-V-R-CD: b14fb2c81d87140ce73ba34002a38556
X-V-ID: f60cc2b5-4e1a-432b-9e4e-38eba796cde5
X-V-CD: 0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.601, 18.0.957 definitions=2023-09-12_19:2023-09-05, 2023-09-12 signatures=0
Received: from smtpclient.apple ([17.11.216.241]) by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPSA id <0S0W00JY24II6Y00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Tue, 12 Sep 2023 13:49:30 -0700 (PDT)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <51A4E634-C7A2-48C2-A0BE-3DB5460F52C1@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_6F8C9345-745B-4F60-B8BF-502FE6623905"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\))
Date: Tue, 12 Sep 2023 13:49:20 -0700
In-reply-to: <169345403996.812.3096903782580737856@ietfa.amsl.com>
Cc: ietf-http-wg@w3.org, draft-ietf-privacypass-protocol.all@ietf.org, last-call@ietf.org, privacy-pass@ietf.org
To: Mark Nottingham <mnot@mnot.net>
References: <169345403996.812.3096903782580737856@ietfa.amsl.com>
X-Mailer: Apple Mail (2.3774.100.2.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/gT8R-syBt9wRLENTZrm_SZzXZJc>
Subject: Re: [Last-Call] [Privacy-pass] Httpdir last call review of draft-ietf-privacypass-protocol-12
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Sep 2023 20:49:44 -0000
To follow up here, Chris published a revision just now to address this: https://www.ietf.org/archive/id/draft-ietf-privacypass-protocol-13.html Best, Tommy > On Aug 30, 2023, at 8:53 PM, Mark Nottingham via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Mark Nottingham > Review result: Ready with Issues > > Reviewing purely from the perspective of how this document uses HTTP> > > * Given that 'This document describes the issuance protocol for Privacy Pass > built on [HTTP]', I suspect it should be a normative reference. > > * 'The Issuer directory and Issuer resources SHOULD be available on the same > domain.' Is "domain" a _hostname_, _origin_, or something else, e.g., using the > Public Suffix List? > > * 'Issuers SHOULD use HTTP caching to permit caching of this resource > [RFC5861].' Either 'SHOULD use HTTP cache directives...' or 'SHOULD permit > caching..'. > > * Examples use HTTP/2; the style guide recommends using HTTP/1.1 for all > examples except for those that are specific to a protocol version. See: > <https://httpwg.org/admin/editors/style-guide> > > * It's not necessary to specify Cache-Control on POST requests. > > * 'If any of these conditions is not met, the Issuer MUST return an HTTP 400 > error to the client.' > > - HTTP status codes should be spelled out; e.g., "400 (Bad Request)". > > - 422 (Unprocessable Content) might be a better status code to use here, > though -- 400 will be used by generic HTTP software for problems at that > layer, and so you won't be able to distinguish those problems from these more > specific ones. > > - Also, we generally encourage using SHOULD when specifying a status code > like this, so that clients don't form the view that they can depend on seeing > this status code in this situation (they can't; intermediary and other > software may change the status code). > > - Have you considered defining one or more HTTP problem types (RFC9457) to > provide more granularity and detail? > > > > -- > Privacy-pass mailing list > Privacy-pass@ietf.org > https://www.ietf.org/mailman/listinfo/privacy-pass
- [Last-Call] Httpdir last call review of draft-iet… Mark Nottingham via Datatracker
- Re: [Last-Call] [Privacy-pass] Httpdir last call … Tommy Pauly