W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: #148: Reasonable Assurances and H2C

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 1 Mar 2016 12:08:28 +0100
To: Mark Nottingham <mnot@mnot.net>, Barry Leiba <barryleiba@computer.org>
Cc: Martin Thomson <martin.thomson@gmail.com>, Kari Hurtta <hurtta-ietf@elmme-mailer.org>, HTTP WG <ietf-http-wg@w3.org>
Message-ID: <56D5782C.7010005@gmx.de>
On 2016-02-28 16:41, Julian Reschke wrote:
> ...
>> A registry doesn't feel right because this isn't a protocol element.
>> This isn't an extension in the usual sense; it's a controlled
>> loosening of the spec's (security-sensitive) requirements.
>>
>> However, it doesn't seem like 'updates' is the right way to do this
>> either. Upon reflection, I wonder if we really need either property
>> (at least in such a rigorous form); people will find the mechanisms if
>> they get implemented, and we've been happy to have OppSec as
>> Experimental.
>>
>> Anyone have a problem with dropping this?
>>
>> """
>> Other means of establishing them MUST be documented in an RFC that
>> updates this specification.
>> """
>
> Sounds right to me.
>
> Best regards, Julian

As I heard no pushback I've done this in 
<https://github.com/httpwg/http-extensions/commit/6b1cc1995538fde23241ed4d89725f4e9a62b3ec>.

I plan to submit a new draft later today (which then would go to the IESG).

Best regards, Julian
Received on Tuesday, 1 March 2016 11:09:11 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC