Re: draft-ietf-httpbis-bcp56bis-11, "4.14. Maintaining Application Boundaries" from Mark Nottingham on 2021-04-19 (ietf-http-wg@w3.org from April to June 2021)

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 19 Apr 2021 18:13:10 +1000
To: "Julian F. Reschke" <julian.reschke@gmx.de>
Cc: ietf-http-wg@w3.org
Message-Id: <4A94E801-31AE-4E6B-9E11-C2B16C768A2F@mnot.net>

BCP56bis is a set of recommendations for applications that build on top of HTTP, not just commentary on those specs. In particular, the section you're referring to is talking about browser mechanisms for security, which do *not* reference HTTP for this definition; they reference Origin.

Cheers,

> On 19 Apr 2021, at 6:11 pm, Julian Reschke <julian.reschke@gmx.de> wrote:
> 
> Am 19.04.2021 um 09:20 schrieb Mark Nottingham:
>> I don't think so, unless we want to deprecate that RFC (which AFAICT hasn't yet been discussed).
>> ...
> 
> I don't see how that would follow.
> 
> BCP56bis is commentary on top of the HTTP specs, and those have switched
> to their own definition of "Origin", so it might make sense to be
> consistent with that.
> 
> Best regards, Julian

--
Mark Nottingham   https://www.mnot.net/

Received on Monday, 19 April 2021 08:13:32 UTC