- From: RFC Errata System <rfc-editor@rfc-editor.org>
- Date: Fri, 12 Mar 2021 16:23:34 -0800 (PST)
- To: mnot@mnot.net, mcmanus@ducksong.com, julian.reschke@greenbytes.de, superuser@gmail.com, barryleiba@computer.org, mnot@mnot.net, tpauly@apple.com
- Cc: lucaspardue.24.7@gmail.com, ietf-http-wg@w3.org, rfc-editor@rfc-editor.org
The following errata report has been submitted for RFC7838, "HTTP Alternative Services". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid6481 -------------------------------------- Type: Editorial Reported by: Lucas Pardue <lucaspardue.24.7@gmail.com> Section: 2.4 Original Text ------------- Furthermore, if the connection to the alternative service fails or is unresponsive, the client MAY fall back to using the origin or another alternative service. Note, however, that this could be the basis of a downgrade attack, thus losing any enhanced security properties of the alternative service. Corrected Text -------------- ¯\_(ツ)_/¯ Notes ----- Alt-Svc fall back is described in section 2.4 and mentions security properties, so I was expecting to see something about fall back in the security considerations. This might be implicitly covered by Section 9.3 but it could potentially be made more clear. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC7838 (draft-ietf-httpbis-alt-svc-14) -------------------------------------- Title : HTTP Alternative Services Publication Date : April 2016 Author(s) : M. Nottingham, P. McManus, J. Reschke Category : PROPOSED STANDARD Source : HTTP Area : Applications and Real-Time Stream : IETF Verifying Party : IESG
Received on Saturday, 13 March 2021 00:23:51 UTC