Re: [websec] draft-ietf-websec-origin-02

Chris Weber <chris@lookout.net> Thu, 30 June 2011 22:35 UTC

On 6/24/2011 1:59 PM, Adam Barth wrote:
> The new version includes Security Considerations, IANA Considerations,
> and a completed references section.  Feedback on the new Security
> Considerations section would be much appreciated.

In section 4 step 5 what was intended by "idna-canonicalization"? 

   5.  Let uri-host be the idna-canonicalization of the host component
       of the URI.

Are implementers to choose whether to apply IDNA2003, IDNA2008, or TR46 in determining the canonical form? If so, should the reference to section 10.1 be made here?

-Chris
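
The ambiguity raised in this message, as an added example that is not part of the original message or the draft: the same URI yields two different origin triples depending on whether the host is canonicalized with an IDNA2003 mapping or without one. `host_no_mapping` is a hypothetical, simplified stand-in for an IDNA2008-style result (it performs no IDNA2008 validity checks), and the sample URIs are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def host_idna2003(host):
    """IDNA2003 ToASCII (RFC 3490 with Nameprep), as Python's built-in codec does it."""
    return host.encode("idna").decode("ascii").lower()


def host_no_mapping(host):
    """Simplified stand-in for a non-mapping (IDNA2008-style) result.

    Assumption: labels are lowercased and Punycode-encoded as-is. None of the
    IDNA2008 validity checks are performed, so this is only meaningful for
    labels that are already valid, such as the constructed sample below.
    """
    out = []
    for label in host.lower().split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def origin(uri, canonicalize):
    """(scheme, host, port) triple with the host canonicalized by the given function."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, canonicalize(parts.hostname), port)


def same_origin(uri_a, uri_b, canonicalize):
    return origin(uri_a, canonicalize) == origin(uri_b, canonicalize)


# Constructed sample URIs: U+00DF is mapped to "ss" by Nameprep but kept by IDNA2008.
A = "http://fa\u00df.de/"
B = "http://fass.de/"

if __name__ == "__main__":
    for name, fn in (("IDNA2003", host_idna2003), ("no mapping", host_no_mapping)):
        print(name, origin(A, fn), origin(B, fn), same_origin(A, B, fn))
```

Two implementations that pick different canonicalizations would disagree on whether these two URIs share an origin, which is why the choice needs to be pinned down in the algorithm step itself.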