[secdir] New Version Notification for draft-ietf-appsawg-multipart-form-data-10.txt
Larry Masinter <masinter@adobe.com> Wed, 08 April 2015 16:56 UTC
Return-Path: <masinter@adobe.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38A1F1B3469; Wed, 8 Apr 2015 09:56:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YI-CdR1h0im9; Wed, 8 Apr 2015 09:56:53 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0064.outbound.protection.outlook.com [207.46.100.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FE1F1B3480; Wed, 8 Apr 2015 09:56:45 -0700 (PDT)
Received: from DM2PR02MB1322.namprd02.prod.outlook.com (25.161.142.21) by DM2PR02MB1324.namprd02.prod.outlook.com (25.161.142.23) with Microsoft SMTP Server (TLS) id 15.1.118.21; Wed, 8 Apr 2015 16:56:43 +0000
Received: from DM2PR02MB1322.namprd02.prod.outlook.com ([25.161.142.21]) by DM2PR02MB1322.namprd02.prod.outlook.com ([25.161.142.21]) with mapi id 15.01.0118.029; Wed, 8 Apr 2015 16:56:43 +0000
From: Larry Masinter <masinter@adobe.com>
To: Barry Leiba <barryleiba@computer.org>
Thread-Topic: New Version Notification for draft-ietf-appsawg-multipart-form-data-10.txt
Thread-Index: AQHQchz9cL6gWwvF/0Kwne7pYXQgPw==
Date: Wed, 08 Apr 2015 16:56:43 +0000
Message-ID: <868AA964-D30D-4750-8F3D-5DE7073BA0C6@adobe.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/15.8.0.150303
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [50.184.24.49]
authentication-results: computer.org; dkim=none (message not signed) header.d=none;
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR02MB1324;
x-forefront-antispam-report: BMV:1; SFV:NSPM; SFS:(10009020)(6009001)(33656002)(230783001)(62966003)(99286002)(82746002)(40100003)(110136001)(83506001)(86362001)(229853001)(19580395003)(106116001)(77156002)(83716003)(87936001)(2656002)(2900100001)(1720100001)(46102003)(66066001)(2420400003)(122556002)(50986999)(102836002)(54356999)(92566002)(36756003)(15975445007)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR02MB1324; H:DM2PR02MB1322.namprd02.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
x-microsoft-antispam-prvs: <DM2PR02MB132468E8090D5ACE6F77E02EC3FC0@DM2PR02MB1324.namprd02.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5002010)(5005006); SRVR:DM2PR02MB1324; BCL:0; PCL:0; RULEID:; SRVR:DM2PR02MB1324;
x-forefront-prvs: 0540846A1D
Content-Type: text/plain; charset="utf-8"
Content-ID: <67ACFC53840DC34EA7243713E09E777C@namprd02.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: adobe.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2015 16:56:43.3455 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: fa7b1b5a-7b34-4387-94ae-d2c178decee1
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR02MB1324
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/L3GxSyPJBDT9x7Nsxi3mIfecXOc>
Cc: "draft-ietf-appsawg-multipart-form-data.all@tools.ietf.org" <draft-ietf-appsawg-multipart-form-data.all@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: [secdir] New Version Notification for draft-ietf-appsawg-multipart-form-data-10.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2015 16:56:55 -0000
To address IESG last call comments better: URL: http://www.ietf.org/internet-drafts/draft-ietf-appsawg-multipart-form-data-10.txt Status: https://datatracker.ietf.org/doc/draft-ietf-appsawg-multipart-form-data/ Htmlized: http://tools.ietf.org/html/draft-ietf-appsawg-multipart-form-data-10 Diff: http://www.ietf.org/rfcdiff?url2=draft-ietf-appsawg-multipart-form-data-10 ====== additional typos noted now fixed. revisiting previous replies: Security considerations: Uncle. I was just unhappy that the Security Considerations section could be better, more coherent, and actually flowed rather than what’s there. But as suggested, I have moved the last paragraph to the first. In -10 I also rewrote my previously snarky: OLD More problematic is the ambiguity introduced because implementations did not follow [RFC2388] because it used "may" instead of "MUST" when specifying encoding of field names, and for other unknown reasons, so now, parsers need to be more complex for fuzzy matching against the possible outputs of various encoding methods. to a less snarky: NEW More problematic are the differences introduced when implementors opted to not follow [RFC2388] when encoding non-ASCII field names (perhaps because "may" should have been "MUST"). As a result, parsers need to be more complex for matching against the possible outputs of various encoding methods. to not further disparage implementor innovation. Larry — http://larry.masinter.net
- [secdir] New Version Notification for draft-ietf-… Larry Masinter