- From: RFC Errata System <rfc-editor@rfc-editor.org>
- Date: Mon, 15 Mar 2021 04:12:52 -0700 (PDT)
- To: lucaspardue.24.7@gmail.com, mnot@mnot.net, mcmanus@ducksong.com, julian.reschke@greenbytes.de
- Cc: francesca.palombini@ericsson.com, iesg@ietf.org, ietf-http-wg@w3.org, rfc-editor@rfc-editor.org
The following errata report has been rejected for RFC7838, "HTTP Alternative Services". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid6481 -------------------------------------- Status: Rejected Type: Editorial Reported by: Lucas Pardue <lucaspardue.24.7@gmail.com> Date Reported: 2021-03-13 Rejected by: Francesca Palombini (IESG) Section: 2.4 Original Text ------------- Furthermore, if the connection to the alternative service fails or is unresponsive, the client MAY fall back to using the origin or another alternative service. Note, however, that this could be the basis of a downgrade attack, thus losing any enhanced security properties of the alternative service. Corrected Text -------------- ¯\_(ツ)_/¯ Notes ----- Alt-Svc fall back is described in section 2.4 and mentions security properties, so I was expecting to see something about fall back in the security considerations. This might be implicitly covered by Section 9.3 but it could potentially be made more clear. --VERIFIER NOTES-- General clarifications and request for improvements to the RFC in a possible future update of the document should be proposed using channels other than the errata process, such as the WG mailing list. -------------------------------------- RFC7838 (draft-ietf-httpbis-alt-svc-14) -------------------------------------- Title : HTTP Alternative Services Publication Date : April 2016 Author(s) : M. Nottingham, P. McManus, J. Reschke Category : PROPOSED STANDARD Source : HTTP Area : Applications and Real-Time Stream : IETF Verifying Party : IESG
Received on Monday, 15 March 2021 11:13:11 UTC