Spencer Dawkins' No Objection on draft-ietf-httpbis-origin-frame-04: (with COMMENT) from Spencer Dawkins on 2018-01-08 (ietf-http-wg@w3.org from January to March 2018)

From: Spencer Dawkins <spencerdawkins.ietf@gmail.com>
Date: Mon, 08 Jan 2018 14:43:54 +0000
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-httpbis-origin-frame@ietf.org, Patrick McManus <mcmanus@ducksong.com>, httpbis-chairs@ietf.org, mcmanus@ducksong.com, ietf-http-wg@w3.org
Message-Id: <151542259888.11290.6076771677708129981.idtracker@ietfa.amsl.com>

Spencer Dawkins has entered the following ballot position for
draft-ietf-httpbis-origin-frame-04: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-origin-frame/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I don't object to publishing this document, but I do have an honest question.
Is OCSP sufficiently robust and stable that you're expecting OCSP checks to
work as a security mitigation?

I remember some concerns about that in the SIP community, probably three years
ago, and thought I should ask before the document is approved.

Received on Monday, 8 January 2018 16:25:06 UTC