Re: [websec] WG Last Call on draft-ietf-websec-origin-02 until Aug-15

Alexey Melnikov <alexey.melnikov@isode.com> Sat, 20 August 2011 17:52 UTC

Message-ID: <4E4FF470.2030804@isode.com>
Date: Sat, 20 Aug 2011 18:52:48 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Adam Barth <ietf@adambarth.com>
References: <4E248B9C.1070701@gondrom.org> <CAJE5ia9nSRKBaLSWiL4NhfVR6_-U8+DYmaQ5pDNx1JKy7ezCAQ@mail.gmail.com>
In-Reply-To: <CAJE5ia9nSRKBaLSWiL4NhfVR6_-U8+DYmaQ5pDNx1JKy7ezCAQ@mail.gmail.com>
Cc: websec@ietf.org
Subject: Re: [websec] WG Last Call on draft-ietf-websec-origin-02 until Aug-15

Adam Barth wrote:

>I've uploaded a new version of the draft, which incorporates all the
>feedback I've received:
>
>http://www.ietf.org/id/draft-ietf-websec-origin-03.txt
>
>Please let me know if I've missed any feedback.
>
Hi Adam,
Sorry, I forgot to send out my comments on -02:

3.2.1.  Examples

   All of the following resources have the same origin:
   http://example.com/
   http://example.com:80/
   http://example.com/path/file
   http://example.com/

The first and the last examples are identical; was this intentional?


4.  Origin of a URI

   The origin of a URI is the value computed by the following algorithm:

   1.  If the URI does not use a server-based naming authority, or if
       the URI is not an absolute URI, then return a globally unique
       identifier.

 [...]

   6.  If there is no port component of the URI:

       1.  Let uri-port be the default port for the protocol given by
           uri-scheme.

       Otherwise:

       2.  Let uri-port be the port component of the URI.

I know this is an obscure case, but what will this algorithm return for 
a mailto URI (assuming that it is supported)? I am not entirely clear 
that #1 applies here.


5.  Comparing Origins

      NOTE: A URI is not necessarily same-origin with itself.  For
      example, a data URI is not same-origin with itself because data

An Informative reference for the "data" URI scheme is needed here.

      URIs do not use a server-based naming authority and therefore have
      globally unique identifiers as origins.


6.  Serializing Origins

   This section defines how to serialize an origin to a unicode string
   and to an ASCII string.

Both Unicode and ASCII need references; I think they are normative.

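The following is an added illustration, not code from the draft or from anyone on the thread: a small model of the section 4 origin algorithm and the section 5 comparison rule, built on Python's urllib.parse. It assumes that a URI "uses a server-based naming authority" exactly when it carries a non-empty authority component (so mailto: and data: URIs take the step 1 branch), that the default-port table is a constructed subset, and that a unique-identifier origin serializes as the string "null" (an assumption, not something the quoted text states).

```python
"""Added example (not the draft's own text): origin_of() follows the quoted
section 4 steps; same_origin() follows the section 5 note."""
import uuid
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}  # constructed subset


class GloballyUniqueOrigin:
    """Step 1 result: a fresh identifier that is equal to nothing but itself,
    so a data: or mailto: URI is not same-origin with itself (section 5)."""

    def __init__(self):
        self.id = uuid.uuid4()

    def __eq__(self, other):
        return isinstance(other, GloballyUniqueOrigin) and self.id == other.id

    def __hash__(self):
        return hash(self.id)


def origin_of(uri):
    parts = urlsplit(uri)
    # Step 1: not absolute (no scheme) or no server-based naming authority
    # (assumed to mean an empty authority, as for mailto: and data:)
    # -> return a globally unique identifier.
    if not parts.scheme or not parts.netloc:
        return GloballyUniqueOrigin()
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()  # hostname drops userinfo and port
    # Step 6: use the scheme's default port when the URI gives none.
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def same_origin(uri_a, uri_b):
    """Two URIs are same-origin when their origin triples (or unique ids) match."""
    return origin_of(uri_a) == origin_of(uri_b)


def serialize(origin):
    """Assumed ASCII form: scheme://host, with :port only when non-default;
    unique-identifier origins serialize as "null" (assumption)."""
    if isinstance(origin, GloballyUniqueOrigin):
        return "null"
    scheme, host, port = origin
    if port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"
```

With this model the three http://example.com URIs from section 3.2.1 compare equal, while the mailto case the thread asks about falls into step 1 and yields a fresh identifier each time.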