Re: [websec] Last Call: <draft-ietf-websec-origin-04.txt> (The Web Origin Concept) to Proposed Standard
Julian Reschke <julian.reschke@gmx.de> Fri, 02 September 2011 10:24 UTC
Return-Path: <julian.reschke@gmx.de>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E142F21F8FB5 for <websec@ietfa.amsl.com>; Fri, 2 Sep 2011 03:24:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.583
X-Spam-Level:
X-Spam-Status: No, score=-104.583 tagged_above=-999 required=5 tests=[AWL=-1.984, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SDh2hBuAWCHI for <websec@ietfa.amsl.com>; Fri, 2 Sep 2011 03:24:52 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 8827321F8F49 for <websec@ietf.org>; Fri, 2 Sep 2011 03:24:51 -0700 (PDT)
Received: (qmail invoked by alias); 02 Sep 2011 10:26:25 -0000
Received: from mail.greenbytes.de (EHLO [192.168.1.140]) [217.91.35.233] by mail.gmx.net (mp026) with SMTP; 02 Sep 2011 12:26:25 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1+s8LhjJJisLG5ryVigw8/YF2rKrxLEPmSeJOGHN3 w5nNfsXT2BjoeI
Message-ID: <4E60AF4F.2010106@gmx.de>
Date: Fri, 02 Sep 2011 12:26:23 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.1) Gecko/20110830 Thunderbird/6.0.1
MIME-Version: 1.0
To: Adam Barth <ietf@adambarth.com>
References: <20110823211953.14482.9265.idtracker@ietfa.amsl.com> <4E567918.4090707@gmx.de> <CAJE5ia96HwjP=jyJeeMv8wGEtjQsakvJiJz==qvfjzA6-unw-w@mail.gmail.com>
In-Reply-To: <CAJE5ia96HwjP=jyJeeMv8wGEtjQsakvJiJz==qvfjzA6-unw-w@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: websec@ietf.org, ietf@ietf.org
Subject: Re: [websec] Last Call: <draft-ietf-websec-origin-04.txt> (The Web Origin Concept) to Proposed Standard
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Sep 2011 10:24:53 -0000
On 2011-09-02 12:20, Adam Barth wrote: > I replied to Julian's message on a W3C list. Julian, is there more > discussion you'd like to have about these points? > ... Well, as discussed, the syntax of the Origin header makes it hard to detect errors which happen when multiple instances get folded into one; see <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-latest.html#considerations.for.creating.header.fields> -- but I fear it's too late to fix this? Best regards, Julian
- [websec] Last Call: <draft-ietf-websec-origin-04.… The IESG
- Re: [websec] Last Call: <draft-ietf-websec-origin… Julian Reschke
- Re: [websec] Last Call: <draft-ietf-websec-origin… Adam Barth
- Re: [websec] Last Call: <draft-ietf-websec-origin… Julian Reschke
- Re: [websec] Last Call: <draft-ietf-websec-origin… Roy T. Fielding
- Re: [websec] Last Call: <draft-ietf-websec-origin… Roy T. Fielding
- Re: [websec] Last Call: <draft-ietf-websec-origin… Frank Ellermann
- Re: [websec] Last Call: <draft-ietf-websec-origin… Frank Ellermann
- Re: [websec] Last Call: <draft-ietf-websec-origin… Adam Barth
- Re: [websec] Last Call: <draft-ietf-websec-origin… Adam Barth
- Re: [websec] Last Call: <draft-ietf-websec-origin… Julian Reschke