- From: Barry Leiba <barryleiba@computer.org>
- Date: Thu, 22 Jan 2015 10:42:24 -0500
- To: Benoit Claise <bclaise@cisco.com>
- Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-header-compression.all@tools.ietf.org, David <david.black@emc.com>, Black@ietfa.amsl.com, Mark Nottingham <mnot@mnot.net>, httpbis-chairs@tools.ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
> David Black, part of the combined OPS/GEN-ART review
> (http://www.ietf.org/mail-archive/web/gen-art/current/msg11197.html)
> mentions:
>
> The second major issue looks serious - one of the major motivations
> for HPACK is to mitigate attacks on DEFLATE (e.g., CRIME) via use of
> never indexed fields wrt compression. The absence of a list of header fields
> that MUST use that never indexed functionality appears to be a serious
> oversight.
>
> Could I ask one of you to place a Discuss to ensure that these concerns
> are addressed?
>
> ====================
> I haven't had the time to read the draft (shocking I know). So I'm
> unclear at this point if the feedback is DISCUSS/COMMENT-worthy, but ...
> I've got a very high respect for David's technical reviews. In many years
> of review, it's the first time he directly asked me to file a DISCUSS. So
> I want to go to the bottom of this issue. If this approach is clumsy
> (yes, I know, the DISCUSS should be in my name, not on behalf of David),
> I could also "DEFER" this draft.
> I also see that the authors/David engaged in the discussion on the
> ietf@ietf.org list. Good.

For what it's worth, Benoît, I'm perfectly happy with your DISCUSS for this, even though it's kind of on the edge of the defined process. Making sure the comment is addressed adequately is important, and we're doing the right thing.

There was, in fact, discussion about this, and David did not agree with Martin's response.

I'll note that both Stephen and Kathleen balloted Yes on this document, without mentioning the issue. On the other hand, as it wasn't copied to the IESG list, they might not have seen it raised. Let's talk about it with them on the call.

Barry
Received on Thursday, 22 January 2015 15:42:51 UTC