Re: Empty but existing resource | Re: SETTINGS_MIXED_SCHEME_PERMITTED | Re: I-D Action: draft-ietf-httpbis-http2-encryption-07.txt

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 7 Oct 2016 19:34:02 +1100
Message-ID: <CABkgnnXo8G0ZhfaZ6=C6JkkLRNOWhf6TANfL0aF29i4+D1FVoA@mail.gmail.com>
To: Mike Bishop <Michael.Bishop@microsoft.com>
Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, Patrick McManus <mcmanus@ducksong.com>, HTTP working group mailing list <ietf-http-wg@w3.org>

On 7 October 2016 at 16:49, Mike Bishop <Michael.Bishop@microsoft.com> wrote:
> The client isn't requesting additional functionality via Opp-Sec, but
> gaining a way to double-check the alternative's intent/ability to play along
> when the initial reference was vulnerable to meddling.  (Unless we're
> proposing to update RFC 7838 by adding that MUST?)

Nah, updates aren't necessary, we're just looking for belts AND braces
on this stuff.  We have some evidence that scheme isn't routinely
looked at in the critical parts of the stack, so this is in response
to that.  Yep, it's paranoid.
Received on Friday, 7 October 2016 08:34:30 UTC
