W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: New Version Notification for draft-nottingham-http2-encryption-03.txt

From: (wrong string) 陈智昌 <willchan@chromium.org>
Date: Wed, 21 May 2014 17:25:03 -0700
Message-ID: <CAA4WUYgTdF0P6==mPzREK8M5ba_6C48o5u0FGOYrR=2c2iq9hg@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
I've skimmed the draft in more detail now and have nits:

* Grammar in section 6.3. - "A browser client MUST clear persisted all
alternative service information when clearing other origin-based state
(i.e., cookies)."
* Please consistently use "alternative services" instead of "alternate
services".

I don't feel very strongly, but I am not sure where the times for the
operational considerations are coming from. IIRC, HSTS and HPKP use much
longer max-ages. Why does this draft suggest capping at 1 month?

Cheers.


On Mon, May 19, 2014 at 8:59 PM, Martin Thomson <martin.thomson@gmail.com>wrote:

> On 19 May 2014 20:42, Mark Nottingham <mnot@mnot.net> wrote:
> > FYI - Martin went away and did some substantial revision of this draft,
> and is now an author.
>
> The changes incorporate a draft you might have seen, but I didn't
> announce.  The main innovation here is a way to make the whole thing
> sticky in an effort to reduce the opportunity for downgrade attack.
> Pretty standard stuff, but included as a bit of a thought experiment
> as well as a bit of a test to see what people think.
>
>
Received on Thursday, 22 May 2014 00:25:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC