Re: [secdir] secdir review of draft-nottingham-http-new-status-03
Stephen Hanna <shanna@juniper.net> Mon, 30 January 2012 15:22 UTC
Return-Path: <shanna@juniper.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D01C121F8530; Mon, 30 Jan 2012 07:22:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4pu9uqRzm8BA; Mon, 30 Jan 2012 07:22:39 -0800 (PST)
Received: from exprod7og115.obsmtp.com (exprod7og115.obsmtp.com [64.18.2.217]) by ietfa.amsl.com (Postfix) with ESMTP id 47DF021F8518; Mon, 30 Jan 2012 07:22:29 -0800 (PST)
Received: from P-EMHUB03-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob115.postini.com ([64.18.6.12]) with SMTP ID DSNKTya1tFTh75tJUxYl12LmBvFtwA+U+FYl@postini.com; Mon, 30 Jan 2012 07:22:39 PST
Received: from p-emfe02-wf.jnpr.net (172.28.145.25) by P-EMHUB03-HQ.jnpr.net (172.24.192.37) with Microsoft SMTP Server (TLS) id 8.3.213.0; Mon, 30 Jan 2012 07:22:07 -0800
Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe02-wf.jnpr.net ([fe80::c126:c633:d2dc:8090%11]) with mapi; Mon, 30 Jan 2012 10:22:06 -0500
From: Stephen Hanna <shanna@juniper.net>
To: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 30 Jan 2012 10:22:05 -0500
Thread-Topic: secdir review of draft-nottingham-http-new-status-03
Thread-Index: AczfYUO3oKpAesuPQqeen+7Xx1BFdgAAZu8w
Message-ID: <AC6674AB7BC78549BB231821ABF7A9AEB829FBD8AD@EMBX01-WF.jnpr.net>
References: <AC6674AB7BC78549BB231821ABF7A9AEB82253AD14@EMBX01-WF.jnpr.net> <4F109383.1090505@gmx.de> <AC6674AB7BC78549BB231821ABF7A9AEB82253AE7B@EMBX01-WF.jnpr.net> <ED1DC359-2B17-4DA8-82C6-34E6DCDE918E@mnot.net> <0EEB0CDF-6D05-4EA7-9244-CA80C03BD11D@mnot.net> <AC6674AB7BC78549BB231821ABF7A9AEB829FBD878@EMBX01-WF.jnpr.net> <4F26B2C4.9010808@gmx.de>
In-Reply-To: <4F26B2C4.9010808@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EXCLAIMER-MD-CONFIG: fa292fd1-9837-42fa-9560-006eca2aed31
Cc: "draft-nottingham-http-new-status@tools.ietf.org" <draft-nottingham-http-new-status@tools.ietf.org>, Mark Nottingham <mnot@mnot.net>, "ietf@ietf.org" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-nottingham-http-new-status-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jan 2012 15:22:42 -0000
Yes -Steve > -----Original Message----- > From: Julian Reschke [mailto:julian.reschke@gmx.de] > Sent: Monday, January 30, 2012 10:10 AM > To: Stephen Hanna > Cc: Mark Nottingham; draft-nottingham-http-new-status@tools.ietf.org; > secdir@ietf.org; ietf@ietf.org > Subject: Re: secdir review of draft-nottingham-http-new-status-03 > > On 2012-01-30 16:05, Stephen Hanna wrote: > > Mark, > > > > I don't want to rehash the discussion that we've already had. > > Clearly, you prefer brevity while I would prefer education in > > this instance. > > > > I can live with your text for status codes 428, 429, and 431. For > > 511, I don't think it's adequate to just say that big security > > issues already exist. You should at least give some suggestions > > for how to deal with them. For example, you could point out that > > most user agents include some indication of whether the server > > has been authenticated. For captive portals, this indication will > > generally not be displayed so the user receives some warning > > that the response did not come from the requested URL. > > Are you referring to HTTPS? > > Best regards, Julian
- [secdir] secdir review of draft-nottingham-http-n… Stephen Hanna
- Re: [secdir] secdir review of draft-nottingham-ht… Stephen Hanna
- Re: [secdir] secdir review of draft-nottingham-ht… Julian Reschke
- Re: [secdir] secdir review of draft-nottingham-ht… Mark Nottingham
- Re: [secdir] secdir review of draft-nottingham-ht… Mark Nottingham
- Re: [secdir] secdir review of draft-nottingham-ht… Mark Nottingham
- Re: [secdir] secdir review of draft-nottingham-ht… Stephen Hanna
- Re: [secdir] secdir review of draft-nottingham-ht… Julian Reschke
- Re: [secdir] secdir review of draft-nottingham-ht… Stephen Hanna
- Re: [secdir] secdir review of draft-nottingham-ht… Julian Reschke
- Re: [secdir] secdir review of draft-nottingham-ht… Mark Nottingham