Re: [secdir] Secdir last call review of draft-ietf-httpbis-early-hints-03

Melinda Shore <melinda.shore@gmail.com> Fri, 07 July 2017 05:54 UTC

Return-Path: <melinda.shore@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAD2C12FEE1; Thu, 6 Jul 2017 22:54:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M38TgKKxAq-W; Thu, 6 Jul 2017 22:54:01 -0700 (PDT)
Received: from mail-pf0-x234.google.com (mail-pf0-x234.google.com [IPv6:2607:f8b0:400e:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62BC812F257; Thu, 6 Jul 2017 22:54:01 -0700 (PDT)
Received: by mail-pf0-x234.google.com with SMTP id e7so11998769pfk.0; Thu, 06 Jul 2017 22:54:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to; bh=5poBw+n7N9x7eJzrIhs1M1VExP+MFP3lWFUVhGDSkq8=; b=lSAGZoJG2NCF/M6lnbmupRt0a+X0IT2ajgkd67VNavozq4vlHf2+xL256uJTJTA0Bh eQ4xgxnLkbKwjz7uIkrdJNKFyKGbLbXjwpkGbl9ckwSJBgxcieDeFpy1bSs66r+byqgx z0YIc8U2jgAO5/VwpUSc0feEOvURfjKvDs+bsTwIVmmeI2IjEZKurbx4J+uzzCoYKaz+ sHj+zRnrV8CKjqIdzNt1nwyJyxStozzoUVUgGNQJAt4Rf/Ukt5l6UGN8Zj//66g6iGYB W34aMj/ynZhIiYMJ7RQfhW2ZMd4p/HACM4yNx6ekGOqUBMbZiQ4AwwQyGDYBUlboSCUO IMsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=5poBw+n7N9x7eJzrIhs1M1VExP+MFP3lWFUVhGDSkq8=; b=uQ3roHhn3rrEufsT6r5RHkMNcLxuyHX7VZLvybcOmOM8tG3EDePSSvn7vG0i19QSil x9/9/AG3t/BaS2/iOiN/HI9IOUOWakIw5YiabGwh1wsiuGRAe0/nt3jc2OpqyZ8K/lGX gyH2fm+izOc1RTvPdRuQYNU3cmzjOzYWzhoPW+8fTWJfOKv2vRdmivp34Btite9SVr4T M3LliiJo30V5KGVc/vQckGHTdBPjugNHJmtmgLaN4btaEwshSr8nU78/jQ1N4ej3hqPY sG5P+s5/4ppeaTeEsa5N8mtjn493LCqofcB+vDaDMCW7I41LxDW0DwXptDkmOkmRPkMI BMWQ==
X-Gm-Message-State: AIVw113EAL4m2eWZryGDEWR7a7wrQwh3FI4gM/iqT+EfQnsC1US7NjjM AanrsTUeCl6w4Q==
X-Received: by 10.99.165.28 with SMTP id n28mr29641696pgf.163.1499406840877; Thu, 06 Jul 2017 22:54:00 -0700 (PDT)
Received: from aspen.local (216-67-119-73-radius.dynamic.acsalaska.net. [216.67.119.73]) by smtp.gmail.com with ESMTPSA id p77sm3424077pfd.62.2017.07.06.22.53.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 06 Jul 2017 22:53:59 -0700 (PDT)
To: Kazuho Oku <kazuhooku@gmail.com>
References: <149919703750.15996.5462759432298024921@ietfa.amsl.com> <CANatvzx8GsvoYMscHciKNrOwRzcz1v7=jTCUUp4Z5E=jO9Wd6g@mail.gmail.com>
Cc: secdir@ietf.org, draft-ietf-httpbis-early-hints.all@ietf.org, IETF Discussion Mailing List <ietf@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
From: Melinda Shore <melinda.shore@gmail.com>
Message-ID: <7273f8ab-c1ff-5dff-862e-0a1ead6d28b2@gmail.com>
Date: Thu, 6 Jul 2017 21:53:53 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CANatvzx8GsvoYMscHciKNrOwRzcz1v7=jTCUUp4Z5E=jO9Wd6g@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Tjam5Rpp1D8XFnUOWslnmBv3pTBb37dHF"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/xl3tCdFA5enZC7yYb5FAPbvZw1U>
Subject: Re: [secdir] Secdir last call review of draft-ietf-httpbis-early-hints-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jul 2017 05:54:06 -0000

On 7/6/17 8:40 PM, Kazuho Oku wrote:
> Regarding the wording, I think it would be better to keep the tone
> as-is, rather than suggesting implementers not to send an Early Hints
> response over HTTP/1.1 depending on the client.

Yeah, you don't want to discourage implementation.  I think
the goal is to find some balance between not putting off
implementers on the one hand, and having to deal with an
embarrassing incident on the other.  I'd be more comfortable
with language that's a bit stronger but it's not a huge
issue, certainly not one that's an impediment to moving the
document forward (particularly given that it's intended for
publication as an experimental standard).  In general I
thought the draft was clearly written and straightforward,
and ready for publication modulo this one minor issue.

Melinda