Re: [websec] WG Last Call on draft-ietf-websec-origin-02 until Aug-15
Adam Barth <ietf@adambarth.com> Tue, 23 August 2011 18:37 UTC
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: websec@ietf.org

On Mon, Aug 22, 2011 at 1:50 AM, Alexey Melnikov <alexey.melnikov@isode.com> wrote:
> Hi Adam,
>
> Adam Barth wrote:
>
>> On Sat, Aug 20, 2011 at 10:52 AM, Alexey Melnikov
>> <alexey.melnikov@isode.com> wrote:
>>
>>> Adam Barth wrote:
>>>
>>>> I've uploaded a new version of the draft, which incorporates all the
>>>> feedback I've received:
>>>>
>>>> http://www.ietf.org/id/draft-ietf-websec-origin-03.txt
>>>>
>>>> Please let me know if I've missed any feedback.
>>>>
>>>
>>> Hi Adam,
>>> Sorry, I forgot to send out my comments on -02:
>>>
>>> 3.2.1. Examples
>>>
>>> All of the following resources have the same origin:
>>>
>>> http://example.com/
>>> http://example.com:80/
>>> http://example.com/path/file
>>> http://example.com/
>>>
>>> The first and the last example are identical, was this intentional?
>>>
>>
>> Nope. Fixed.
>>
>>>
>>> 4. Origin of a URI
>>>
>>> The origin of a URI is the value computed by the following algorithm:
>>>
>>> 1. If the URI does not use a server-based naming authority, or if
>>>    the URI is not an absolute URI, then return a globally unique
>>>    identifier.
>>>
>>> [...]
>>>
>>> 6. If there is no port component of the URI:
>>>
>>>    1. Let uri-port be the default port for the protocol given by
>>>       uri-scheme.
>>>
>>>    Otherwise:
>>>
>>>    2. Let uri-port be the port component of the URI.
>>>
>>> I know this is an obscure case, but what will this algorithm return for a
>>> mailto URI (assuming that it is supported)? I am not entirely clear that # 1
>>> applies here.
>>>
>>
>> It's a globally unique identifier. mailto doesn't use a server-based
>> naming authority. For example, here's a nutty mailto URI:
>>
>> mailto:alexey.melnikov@isode.com,websec@ietf.org
>>
>> Although the common case of mailto URLs does contain the name of a
>> single server, the general case doesn't. (Admittedly, this probably
>> isn't as clearly defined as it could be.)
>>
> Exactly my point. At first I thought that you meant URI scheme which allows
> for the <authority> component, but it seems like you are trying to define a
> wider category.

I've reworked this phrase to more directly reference Section 3.2 of
RFC3986 (and I added an explicit reference).

>>> 6. Serializing Origins
>>>
>>> This section defines how to serialize an origin to a unicode string
>>> and to an ASCII string.
>>>
>>> Both Unicode and ASCII need references, I think they are normative.
>>>
>>
>> Ok. Are these the best references?
>>
>> <t>This section defines how to serialize an origin to a unicode <xref
>> target="RFC5198" /> string and to an ASCII <xref target="RFC20" />
>> string.</t>
>>
>
> Something like:
>
> [Unicode52] The Unicode Consortium. The Unicode Standard, Version
>             5.2.0, defined by: "The Unicode Standard, Version
>             5.2.0", (Mountain View, CA: The Unicode Consortium,
>             2009. ISBN 978-1-936213-00-9).
>
> for Unicode. Probably worth pointing to Unicode 6.0 though.
>
> I think RFC 20 is Ok.
>
> <http://www.unicode.org/versions/Unicode5.2.0/>.

Done.

Adam
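
An added example, not part of this message or of the draft: a Python sketch of the two steps of the Section 4 algorithm quoted in the thread (step 1 and step 6), run against the 3.2.1 example URIs and the mailto URI discussed above. The function names, the `DEFAULT_PORTS` table, and treating schemes outside that table as unsupported are assumptions of the sketch.

```python
import uuid
from urllib.parse import urlsplit

# Assumption of this sketch: the only schemes the "implementation" supports.
DEFAULT_PORTS = {"http": 80, "https": 443}


def _unique():
    # Stand-in for the "globally unique identifier" of step 1: a fresh
    # value on every call, so it never compares equal to any other origin.
    return "unique:" + uuid.uuid4().hex


def origin_of(uri):
    """Return a (scheme, host, port) triple, or a fresh unique identifier."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    # Step 1: relative reference, or no server-based naming authority
    # (for example mailto:, which has no authority component at all).
    if not scheme or not parts.hostname:
        return _unique()
    if scheme not in DEFAULT_PORTS:
        return _unique()  # scheme not supported by this sketch
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return _unique()
    # Step 6: fall back to the scheme's default port when none is given.
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, parts.hostname, port)  # .hostname is already lower-cased


def same_origin(a, b):
    oa, ob = origin_of(a), origin_of(b)
    # Only triples can match; unique identifiers are fresh per computation.
    return isinstance(oa, tuple) and oa == ob


if __name__ == "__main__":
    mailto = "mailto:alexey.melnikov@isode.com,websec@ietf.org"
    for u in ("http://example.com/", "http://example.com:80/",
              "http://example.com/path/file", mailto, "/path/file"):
        print(u, "->", origin_of(u))
    print("mailto same-origin with itself:", same_origin(mailto, mailto))
```

Because the identifier is generated fresh for each computation, the mailto URI is not same-origin even with itself, which is the fail-closed behaviour a policy check wants for URIs without a server-based authority.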