- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 11 Jan 2018 09:48:04 +1100
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-origin-frame@ietf.org, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
> On 10 Jan 2018, at 2:20 pm, Eric Rescorla <ekr@rtfm.com> wrote: > > > > On Tue, Jan 9, 2018 at 6:51 PM, Mark Nottingham <mnot@mnot.net> wrote: > Hi EKR, > > > On 7 Jan 2018, at 1:11 pm, Eric Rescorla <ekr@rtfm.com> wrote: > > The ORIGIN HTTP/2 frame ([RFC7540], Section 4) allows a server to > > indicate what origin(s) [RFC6454] the server would like the client to > > The citation here is to the frame format. I think you could make this clearer > > and also point the user to that section for the conventions, > > Did this comment get truncated? > > No, it's just badly written. The point here is that the citation to 7540 section 4 isn't > to the ORIGIN frame but rather to the *format* of a frame. So, this text is confusing. > I would say > > This document defines a new HTTP/2 frame type ([RFC7540], Section 4) called > ORIGING, which... Done. [...] > > Note that for a connection to be considered authoritative for a given > > origin, the client is still required to obtain a certificate that > > passes suitable checks; see [RFC7540] Section 9.1.1 for more > > "Obtain" seems confusing here. Perhaps "the server is still required to > > authenticate using" > > Could you please provide complete text? This section has been agonised over a fair amount. > > I would say: > > " A connection MUST NOT be considered authoritative for a given origin unless the > server has authenticated to the client using a certificate that would have been acceptable > for that origin; see ...." That makes it a requirement, which repeats one already in 7540. We try to avoid repeating requirements of other specs, since any deviation in wording or context can cause conflicting interpretations. -- Mark Nottingham https://www.mnot.net/
Received on Wednesday, 10 January 2018 22:48:38 UTC