W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2017

Re: [hybi] New Version Notification for draft-mcmanus-httpbis-h2-websockets-01.txt

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 27 Oct 2017 16:03:04 +1100
Cc: John Fallows <john.fallows@kaazing.com>, Patrick McManus <pmcmanus@mozilla.com>, hybi <hybi@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <C61D7B82-A335-428E-A551-3D8AB0C1EDD9@mnot.net>
To: Martin Thomson <martin.thomson@gmail.com>
On 27 Oct 2017, at 4:01 pm, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> On Fri, Oct 27, 2017 at 10:39 AM, Mark Nottingham <mnot@mnot.net> wrote:
>> Just to give some context as to why I don't think it's a subtle change -- consider OWASP's mod_security CRS, which is the basis of most WAF products. It has baked-in assumptions about the semantics of CONNECT; e.g.,
>>  <https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/e4e0497be4d598cce0e0a8fef20d1f1e5578c8d0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf>
> 
> I found this message quite obtuse (and that file worse), but what I
> think you are saying is that an origin server might treat CONNECT
> specially in a way that might make a new method easier to deploy.
> That's a fine argument for a new method.

We work in a field of jargon and extreme specialisation. You should try talking to those browser folks sometime...


--
Mark Nottingham   https://www.mnot.net/
Received on Friday, 27 October 2017 05:03:36 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 8 November 2017 00:14:14 UTC