Re: #148: Reasonable Assurances and H2C

> On 27 Feb 2016, at 1:37 AM, Barry Leiba <barryleiba@computer.org> wrote:
> 
>>>>  For the purposes of this document, "reasonable assurances" can be
>>>>  established through use of a TLS-based protocol with the certificate
>>>>  checks defined in [RFC2818].  Other means of establishing them MUST
>>>>  be documented in an RFC that updates this specification.  Clients MAY
>>>>  impose additional criteria for establishing reasonable assurances.
>>> 
>>> As far as I understand, this is a hook for draft-ietf-httpbis-http2-encryption-03,
>>> which is currently labeled "experimental". It is my understanding that
>>> experimental RFCs will have a hard time "updating" a standards-track
>>> RFC, though...
>> 
>> Barry, any insights here?
> 
> Yeh, why is "that updates this document" there?  Why do readers of
> this document have to know about means that are provided in other
> documents, such that "updates" is needed?

We wanted to assure that any other way to establish reasonable assurances had sufficient vetting, and that someone reading this spec could find all the different ways to establish reasonable assurances.

Any additional insights (hopefully in non-question form)?

Cheers (and thanks),




--
Mark Nottingham   https://www.mnot.net/

Received on Friday, 26 February 2016 21:14:25 UTC