Re: [websec] Question regarding RFC 6797

Claudio Saavedra <csaavedra@igalia.com> Tue, 29 May 2018 09:33 UTC

From: Claudio Saavedra <csaavedra@igalia.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: websec <websec@ietf.org>
Date: Tue, 29 May 2018 12:33:36 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/websec/mq0chyPWGpxAykce6wGPlnEtBxs>

On Tue, 2018-05-29 at 11:30 +0200, Anne van Kesteren wrote:
> On Tue, May 29, 2018 at 11:20 AM, Claudio Saavedra
> <csaavedra@igalia.com> wrote:
> > So if this is a security bug, I'm understanding that the desired
> > behavior would be the one described in 11.2. What can be done in the
> > specification to deal with this? Can it be reworded/updated? How can
> > we implementors know which of the behaviors described in 8.1 or 11.2
> > is to be honored?
> 
> I'm not sure. Raising errata would be good, but it's always a little
> bit unclear to me whether it's going to be accepted, but at least
> there's a way to find the issue then (other than browsing the mailing
> list), even if not accepted. After that it's probably updating the
> document, which is rather involved.

Thanks, I'll raise an errata then and follow 11.2 in the implementation
for now.

Claudio