Re: [websec] #16: lack of explanatory text and no justifications for the normative language

Tobias Gondrom <tobias.gondrom@gondrom.org> Mon, 24 October 2011 09:00 UTC

Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 283D421F8CB4 for <websec@ietfa.amsl.com>; Mon, 24 Oct 2011 02:00:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.573
X-Spam-Level:
X-Spam-Status: No, score=-96.573 tagged_above=-999 required=5 tests=[AWL=0.205, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e1Ou9TGEd9dB for <websec@ietfa.amsl.com>; Mon, 24 Oct 2011 02:00:41 -0700 (PDT)
Received: from lvps83-169-7-107.dedicated.hosteurope.de (www.gondrom.org [83.169.7.107]) by ietfa.amsl.com (Postfix) with ESMTP id 0D53621F8CAB for <websec@ietf.org>; Mon, 24 Oct 2011 02:00:40 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=HLOAh0L1zzCstYDrwomTi/GkAdKlOelwSsyv+lJIbbAvxi09jwcZnGtR5Bdy6/3O2QPAs+dwjD2pcJh2D0oyFXLXyw+5q6Qzp17QKTsOZtoLfGoYuXyEnIaDEVl8vYGj; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:X-Priority:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
Received: (qmail 28141 invoked from network); 24 Oct 2011 10:59:40 +0200
Received: from unknown (HELO ?10.5.5.61?) (61.8.220.69) by www.gondrom.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 24 Oct 2011 10:59:40 +0200
Message-ID: <4EA528FB.7060307@gondrom.org>
Date: Mon, 24 Oct 2011 09:59:39 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0) Gecko/20110923 Thunderbird/7.0
MIME-Version: 1.0
To: websec@ietf.org
X-Priority: 4 (Low)
References: <067.0c626f20ba70069d5bffe870f0af308a@trac.tools.ietf.org> <082.069f7d2344511f067aa27b9de70dacc6@trac.tools.ietf.org>
In-Reply-To: <082.069f7d2344511f067aa27b9de70dacc6@trac.tools.ietf.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [websec] #16: lack of explanatory text and no justifications for the normative language
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2011 09:00:42 -0000

On 22/10/11 19:47, websec issue tracker wrote:
> #16: lack of explanatory text and no justifications for the normative language
>
>
> Comment (by ietf@…):
>
>   There's a lot of discussion of the rationale in this document:
>
>   http://www.adambarth.com/papers/2009/barth-caballero-song.pdf
>
>   I'm not opposed to importing that information into this document.
>
<hat="individual">
good idea.
- Tobias