Ossification and HTTP - call for participation

Hi folks,

There's been a background discussion about HTTP and ossification going on for a little while, as some vendors have encountered situations where they can't easily deploy new extensions.

To work through this, we're trying to engage with the Web Application Firewall (WAF) and similar communities to start a discussion around how we can mitigate the risks here while still allowing them to do what they're designed to do.

I've written  (with some help from others) a background document to attempt an explanation of the core issues in an 'open letter' style; see:

That links to two Internet-Drafts of interest:
  - https://tools.ietf.org/html/draft-bishop-httpbis-grease
  - https://mnot.github.io/I-D/http-grease/

We've also created a mailing list for discussion of these issues, to try to get more engagement from the WAF community. See:

If you're interested in these issues, please subscribe to that list. If you know any WAF vendors or related folks, please forward this to them; we'd love to bring them into the discussion.


Mark Nottingham   https://www.mnot.net/

Received on Tuesday, 7 July 2020 01:27:54 UTC