- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 7 Jul 2020 11:27:28 +1000
- To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
- Cc: http-grease@ietf.org
Hi folks, There's been a background discussion about HTTP and ossification going on for a little while, as some vendors have encountered situations where they can't easily deploy new extensions. To work through this, we're trying to engage with the Web Application Firewall (WAF) and similar communities to start a discussion around how we can mitigate the risks here while still allowing them to do what they're designed to do. I've written (with some help from others) a background document to attempt an explanation of the core issues in an 'open letter' style; see: https://docs.google.com/document/d/131eTq1eAdjUWGXV8JtF6o842rOod2l7K4NajwDdf-l0/edit?usp=sharing That links to two Internet-Drafts of interest: - https://tools.ietf.org/html/draft-bishop-httpbis-grease - https://mnot.github.io/I-D/http-grease/ We've also created a mailing list for discussion of these issues, to try to get more engagement from the WAF community. See: https://www.ietf.org/mailman/listinfo/http-grease If you're interested in these issues, please subscribe to that list. If you know any WAF vendors or related folks, please forward this to them; we'd love to bring them into the discussion. Thanks, -- Mark Nottingham https://www.mnot.net/
Received on Tuesday, 7 July 2020 01:27:54 UTC