- From: Eric Rescorla <ekr@rtfm.com>
- Date: Wed, 10 Jan 2018 14:56:44 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-origin-frame@ietf.org, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CABcZeBONUxDNPEpt-oBPAUfz0fan2g+tKOOat_-7=CudTpoW3w@mail.gmail.com>
On Wed, Jan 10, 2018 at 2:48 PM, Mark Nottingham <mnot@mnot.net> wrote: > > > > On 10 Jan 2018, at 2:20 pm, Eric Rescorla <ekr@rtfm.com> wrote: > > > > > > > > On Tue, Jan 9, 2018 at 6:51 PM, Mark Nottingham <mnot@mnot.net> wrote: > > Hi EKR, > > > > > > On 7 Jan 2018, at 1:11 pm, Eric Rescorla <ekr@rtfm.com> wrote: > > > The ORIGIN HTTP/2 frame ([RFC7540], Section 4) allows a server to > > > indicate what origin(s) [RFC6454] the server would like the client to > > > The citation here is to the frame format. I think you could make this > clearer > > > and also point the user to that section for the conventions, > > > > Did this comment get truncated? > > > > No, it's just badly written. The point here is that the citation to 7540 > section 4 isn't > > to the ORIGIN frame but rather to the *format* of a frame. So, this text > is confusing. > > I would say > > > > This document defines a new HTTP/2 frame type ([RFC7540], Section 4) > called > > ORIGING, which... > > Done. > > [...] > > > > Note that for a connection to be considered authoritative for a given > > > origin, the client is still required to obtain a certificate that > > > passes suitable checks; see [RFC7540] Section 9.1.1 for more > > > "Obtain" seems confusing here. Perhaps "the server is still required to > > > authenticate using" > > > > Could you please provide complete text? This section has been agonised > over a fair amount. > > > > I would say: > > > > " A connection MUST NOT be considered authoritative for a given origin > unless the > > server has authenticated to the client using a certificate that would > have been acceptable > > for that origin; see ...." > > That makes it a requirement, which repeats one already in 7540. We try to > avoid repeating requirements of other specs, since any deviation in wording > or context can cause conflicting interpretations. > Well, then I'm not quite sure what you're looking for here. -Ekr > > > -- > Mark Nottingham https://www.mnot.net/ > >
Received on Wednesday, 10 January 2018 22:57:51 UTC