[rtcweb] Alexey Melnikov's Discuss on draft-ietf-rtcweb-security-arch-18: (with DISCUSS)
Alexey Melnikov <aamelnikov@fastmail.fm> Tue, 05 March 2019 09:52 UTC
Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: rtcweb@ietf.org
Delivered-To: rtcweb@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2075E13105D; Tue, 5 Mar 2019 01:52:48 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-rtcweb-security-arch@ietf.org, Sean Turner <sean@sn3rd.com>, rtcweb-chairs@ietf.org, sean@sn3rd.com, rtcweb@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.92.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <155177956812.24656.14146723462005957233.idtracker@ietfa.amsl.com>
Date: Tue, 05 Mar 2019 01:52:48 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/HLv1Db77jKS5bvFXThQDQeWCj4Q>
Subject: [rtcweb] Alexey Melnikov's Discuss on draft-ietf-rtcweb-security-arch-18: (with DISCUSS)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2019 09:52:53 -0000
Alexey Melnikov has entered the following ballot position for draft-ietf-rtcweb-security-arch-18: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-security-arch/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thank you for a well written document! My apologies for filing a procedural DISCUSS on this, but I am looking at: 7.5. Determining the IdP URI 3. The path, starting with "/.well-known/idp-proxy/" and appended with the IdP protocol. Note that the separator characters '/' (%2F) and '\' (%5C) MUST NOT be permitted in the protocol field, lest an attacker be able to direct requests outside of the controlled "/.well-known/" prefix. Query and fragment values MAY be used by including '?' or '#' characters. "idp-proxy" is not registered in the IANA's <https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml> registry and this document doesn't register it either. If I missed where this is registered, please point me to the right document. If I haven't, please register it in this document.
- [rtcweb] Alexey Melnikov's Discuss on draft-ietf-… Alexey Melnikov
- Re: [rtcweb] Alexey Melnikov's Discuss on draft-i… Adam Roach
- Re: [rtcweb] Alexey Melnikov's Discuss on draft-i… Sean Turner
- Re: [rtcweb] Alexey Melnikov's Discuss on draft-i… Sean Turner
- Re: [rtcweb] Alexey Melnikov's Discuss on draft-i… Adam Roach