[websec] [Technical Errata Reported] RFC6454 (3249)

RFC Errata System <rfc-editor@rfc-editor.org> Fri, 08 June 2012 13:01 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3FF1621F889B for <websec@ietfa.amsl.com>; Fri, 8 Jun 2012 06:01:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.441
X-Spam-Status: No, score=-102.441 tagged_above=-999 required=5 tests=[AWL=0.159, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id fcgiTyvtwWj6 for <websec@ietfa.amsl.com>; Fri, 8 Jun 2012 06:01:12 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1890:123a::1:2f]) by ietfa.amsl.com (Postfix) with ESMTP id C734221F8872 for <websec@ietf.org>; Fri, 8 Jun 2012 06:01:12 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 9F43C621A0; Fri, 8 Jun 2012 05:59:55 -0700 (PDT)
To: ietf@adambarth.com, barryleiba@computer.org, presnick@qualcomm.com, tobias.gondrom@gondrom.org, alexey.melnikov@isode.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20120608125956.9F43C621A0@rfc-editor.org>
Date: Fri, 08 Jun 2012 05:59:55 -0700
Cc: annevk@annevk.nl, websec@ietf.org, rfc-editor@rfc-editor.org
Subject: [websec] [Technical Errata Reported] RFC6454 (3249)
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2012 13:01:13 -0000

The following errata report has been submitted for RFC6454,
"The Web Origin Concept".

You may review the report below and at:

Type: Technical
Reported by: Anne van Kesteren <annevk@annevk.nl>

Section: 7.1. Syntax

Original Text
origin              = "Origin:" OWS origin-list-or-null OWS
origin-list-or-null = %x6E %x75 %x6C %x6C / origin-list
origin-list         = serialized-origin *( SP serialized-origin )

Corrected Text
origin              = "Origin:" OWS origin-or-null OWS
origin-or-null      = %x6E %x75 %x6C %x6C / serialized-origin

Rationale: List of origins was added for CORS http://www.w3.org/TR/cors/ but CORS does not require it and we should leave this as a choice.

This syntax restriction also has limited impact on 7.2. and 7.3.

See also: http://lists.w3.org/Archives/Public/www-archive/2012Jun/thread.html#msg1

This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary. 

RFC6454 (draft-ietf-websec-origin-06)
Title               : The Web Origin Concept
Publication Date    : December 2011
Author(s)           : A. Barth
Category            : PROPOSED STANDARD
Source              : Web Security
Area                : Applications
Stream              : IETF
Verifying Party     : IESG