Re: [Editorial Errata Reported] RFC7838 (6481)

On 13.03.2021 at 01:23, RFC Errata System wrote:
> The following errata report has been submitted for RFC7838,
> "HTTP Alternative Services".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid6481
> 
> --------------------------------------
> Type: Editorial
> Reported by: Lucas Pardue <lucaspardue.24.7@gmail.com>
> 
> Section: 2.4
> 
> Original Text
> -------------
>     Furthermore, if the connection to the alternative service fails or is
>     unresponsive, the client MAY fall back to using the origin or another
>     alternative service.  Note, however, that this could be the basis of
>     a downgrade attack, thus losing any enhanced security properties of
>     the alternative service.
> 
> Corrected Text
> --------------
>   ¯\_(ツ)_/¯
> 
> Notes
> -----
> Alt-Svc fall back is described in section 2.4 and mentions security properties, so I was expecting to see something about fall back in the security considerations. This might be implicitly covered by Section 9.3 but it could potentially be made more clear.
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
> 
> --------------------------------------
> RFC7838 (draft-ietf-httpbis-alt-svc-14)
> --------------------------------------
> Title               : HTTP Alternative Services
> Publication Date    : April 2016
> Author(s)           : M. Nottingham, P. McManus, J. Reschke
> Category            : PROPOSED STANDARD
> Source              : HTTP
> Area                : Applications and Real-Time
> Stream              : IETF
> Verifying Party     : IESG

I don't think this is an erratum.

The spec says what the WG agreed upon.

If you're looking for a place to collect improvement ideas for a
potential RFC7838bis, we can do that on the WG's GitHub issue tracker.

Best regards, Julian

-- 
<green/>bytes GmbH, Hafenweg 16, D-48155 Münster, Germany
Amtsgericht Münster: HRB5782

Received on Saturday, 13 March 2021 10:25:24 UTC