W3C home > Mailing lists > Public > public-web-security@w3.org > August 2011

LC nits on draft-ietf-websec-origin-04, Re: Fwd: [websec] WG Last Call on draft-ietf-websec-origin-02 until Aug-15

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 25 Aug 2011 17:35:25 +0200
Message-ID: <4E566BBD.5010507@gmx.de>
To: Peter Saint-Andre <stpeter@stpeter.im>
CC: public-web-security <public-web-security@w3.org>, Thomas Roessler <tlr@w3.org>
On 2011-08-24 19:43, Peter Saint-Andre wrote:
> Thanks, Thomas. Just a quick note that this is in IETF Last Call now,
> ending on 2011-09-06. This is your last chance for feedback.
> ...

Below a few late comments..

6. Serializing Origins

- It really really seems that the two algorithms need to be swapped (the 
first one converts to ASCII, but the second does not).

- Also, I'd prefer a declarative definition.

7. The HTTP Origin header

- header *field*

- the syntax doesn't allow multiple header fields, and the prose says 
clients MUST NOT generate them; what is the recipient supposed to do 
when it get's multiple instances anyway? Is the default approach 
(ignoring them all) good enough? Do we need to warn recipients so that 
they check?


11. References

- the WEBSOCKETS reference should be updated (if a new draft is produced)

Best regards, Julian
Received on Thursday, 25 August 2011 15:36:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 25 August 2011 15:36:02 GMT