Re: [Editorial Errata Reported] RFC7838 (6481) from Ben Schwartz on 2021-03-15 (ietf-http-wg@w3.org from January to March 2021)

From: Ben Schwartz <bemasc@google.com>
Date: Mon, 15 Mar 2021 11:14:19 -0400
To: Julian Reschke <julian.reschke@greenbytes.de>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, Mark Nottingham <mnot@mnot.net>, Patrick McManus <mcmanus@ducksong.com>, "Murray S. Kucherawy" <superuser@gmail.com>, Barry Leiba <barryleiba@computer.org>, Tommy Pauly <tpauly@apple.com>, Lucas Pardue <lucaspardue.24.7@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAHbrMsCd3Pcez7LN6p-=mYaTHgbHTtbY_V4jEsmqxCYTfM=WwA@mail.gmail.com>

Re: "RFC7838bis", see https://github.com/MikeBishop/dns-alt-svc/issues/246

On Sat, Mar 13, 2021 at 5:26 AM Julian Reschke <julian.reschke@greenbytes.de>
wrote:

> Am 13.03.2021 um 01:23 schrieb RFC Errata System:
> > The following errata report has been submitted for RFC7838,
> > "HTTP Alternative Services".
> >
> > --------------------------------------
> > You may review the report below and at:
> > https://www.rfc-editor.org/errata/eid6481
> >
> > --------------------------------------
> > Type: Editorial
> > Reported by: Lucas Pardue <lucaspardue.24.7@gmail.com>
> >
> > Section: 2.4
> >
> > Original Text
> > -------------
> >     Furthermore, if the connection to the alternative service fails or is
> >     unresponsive, the client MAY fall back to using the origin or another
> >     alternative service.  Note, however, that this could be the basis of
> >     a downgrade attack, thus losing any enhanced security properties of
> >     the alternative service.
> >
> > Corrected Text
> > --------------
> >   ¯\_(ツ)_/¯
> >
> > Notes
> > -----
> > Alt-Svc fall back is described in section 2.4 and mentions security
> properties, so I was expecting to see something about fall back in the
> security considerations. This might be implicitly covered by Section 9.3
> but it could potentially be made more clear.
> >
> > Instructions:
> > -------------
> > This erratum is currently posted as "Reported". If necessary, please
> > use "Reply All" to discuss whether it should be verified or
> > rejected. When a decision is reached, the verifying party
> > can log in to change the status and edit the report, if necessary.
> >
> > --------------------------------------
> > RFC7838 (draft-ietf-httpbis-alt-svc-14)
> > --------------------------------------
> > Title               : HTTP Alternative Services
> > Publication Date    : April 2016
> > Author(s)           : M. Nottingham, P. McManus, J. Reschke
> > Category            : PROPOSED STANDARD
> > Source              : HTTP
> > Area                : Applications and Real-Time
> > Stream              : IETF
> > Verifying Party     : IESG
>
> I don't think this is an erratum.
>
> The spec says what the WG agreed upon.
>
> If you're looking for a place to collect improvement ideas for a
> potential RFC7838bis, we can do that on the WG's Github issue tracker.
>
> Best regards, Julian
>
> --
> <green/>bytes GmbH, Hafenweg 16, D-48155 Münster, Germany
> Amtsgericht Münster: HRB5782
>
>

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Monday, 15 March 2021 15:14:45 UTC