- From: Roberto Peon <grmocg@gmail.com>
- Date: Fri, 30 Aug 2013 14:31:00 -0700
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAP+FsNcubMSACpY3uWL031v0mw4oCp0NjOv2YvBzg85w6yGNhw@mail.gmail.com>
Sounds better to me. That the server must adequately protect sensitive information is what we are attempting to express, one way or another. -=R On Aug 30, 2013 2:17 PM, "Martin Thomson" <martin.thomson@gmail.com> wrote: > https://github.com/http2/http2-spec/issues/197 > > Julian raised this issue, and it's been marked as editorial, but I'm > thinking that something design-ish needs to be done. > > "Endpoints MAY append opaque data to the payload of any GOAWAY frame. > Additional debug data is intended for diagnostic purposes only and > carries no semantic value. Debug data MUST NOT be persistently stored, > since it could contain sensitive information." > > The objection is to the last sentence, which smells like an RFC 6919 > "MUST (BUT WE KNOW YOU WON'T)", parenthetical omitted. > > The more I think about this, the more I think that this requirement is > silly. Yes, there might be sensitive information, but there's no way > that someone won't be logging this. That's kinda the point. > > I think that we could instead say the exact opposite: "Debug data > might be logged or redistributed, therefore it MUST NOT contain any > unprotected sensitive data." > > If an implementation wants to put some risque data in there, it can > use its public key to encipher the debug data, or something like that. > >
Received on Friday, 30 August 2013 21:31:26 UTC