Re: Eric Rescorla's No Objection on draft-ietf-httpbis-origin-frame-04: (with COMMENT) from Eric Rescorla on 2018-01-11 (ietf-http-wg@w3.org from January to March 2018)

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 11 Jan 2018 15:26:11 -0800
To: Mark Nottingham <mnot@mnot.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-origin-frame@ietf.org, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABcZeBMbE4J5CgSiOsF04t+QuBBWQ8GTyGotsL1Q=71HcC0dTQ@mail.gmail.com>

Sold

On Thu, Jan 11, 2018 at 3:20 PM, Mark Nottingham <mnot@mnot.net> wrote:

> WFM, committing.
>
> Thanks,
>
>
> > On 12 Jan 2018, at 10:19 am, Eric Rescorla <ekr@rtfm.com> wrote:
> >
> > "present" seems too weak. You need to prove possession of the private
> key, not just show it. How about "authenticate with"?
> >
> > On Thu, Jan 11, 2018 at 3:16 PM, Mark Nottingham <mnot@mnot.net> wrote:
> >
> >
> > > On 12 Jan 2018, at 9:38 am, Eric Rescorla <ekr@rtfm.com> wrote:
> > >
> > > I am looking for text which is technically accurate. the current text
> is not, for any sense of "obtain". What is required here is that the server
> authenticate to the client with a private key that corresponds to a
> certificate which passes the suitable tests. That's entirely different from
> "obtain".
> >
> > How about:
> >
> > Original: """
> > Note that for a connection to be considered authoritative for a given
> origin, the client is still required to obtain a certificate that passes
> suitable checks..."""
> >
> > Update: """
> > Note that for a connection to be considered authoritative for a given
> origin, the server is still required to present a certificate that passes
> suitable checks..."""
> >
> > --
> > Mark Nottingham   https://www.mnot.net/
> >
> >
>
> --
> Mark Nottingham   https://www.mnot.net/
>
>

Received on Thursday, 11 January 2018 23:27:21 UTC