Re: [websec] draft-ietf-websec-origin-02

Chris Weber <chris@lookout.net> Sun, 26 June 2011 21:57 UTC

A couple of questions:

1) Do you have a reference to the "chrome-extension URI scheme"?  I was just trying to figure out what it was.

2) In section 6.1 where it says:
"4.  Apply the IDNA ToUnicode algorithm [RFC5891] to each component of
       the host part of the origin triple"

Should the reference be to Section 4.2 "ToUnicode" of RFC 3490 (http://tools.ietf.org/html/rfc3490#section-4.2), or Section 5.2 "Conversion to Unicode" of RFC 5891 (http://tools.ietf.org/html/rfc5891#section-5.2)?

-Chris



On 6/24/2011 1:59 PM, Adam Barth wrote:
I've posted an updated version of the origin draft:

http://www.ietf.org/id/draft-ietf-websec-origin-02.txt

The new version includes Security Considerations, IANA Considerations,
and a completed references section.  Feedback on the new Security
Considerations section would be much appreciated.

I also removed the (stub) Privacy Considerations section.  If there's
something you think should be discussed there, let me know.

Thanks,
Adam