- From: Gunter Van de Velde via Datatracker <noreply@ietf.org>
- Date: Mon, 08 Sep 2025 03:18:09 -0700
- To: "The IESG" <iesg@ietf.org>
- Cc: draft-ietf-httpbis-optimistic-upgrade@ietf.org, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, tpauly@apple.com, tpauly@apple.com
Gunter Van de Velde has entered the following ballot position for
draft-ietf-httpbis-optimistic-upgrade-05: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-optimistic-upgrade/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

# Gunter Van de Velde, RTG AD, comments for draft-ietf-httpbis-optimistic-upgrade-05

# The line numbers used are rendered from IETF idnits tool: https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-httpbis-optimistic-upgrade-05.txt

# Thank you for this document. I found it well written and well structured.

# For your convenience, please find some non-blocking COMMENTS, and one blocking DISCUSS (informational vs standards track)

# DISCUSS
# =======

When looking at the abstract:

13 In HTTP/1.1, the client can request a change to a new protocol on the
14 existing connection. This document discusses the security
15 considerations that apply to data sent by the client before this
16 request is confirmed, and updates RFC 9112 and RFC 9298 to avoid
17 related security issues.

GV> What I find a little confusing is that the draft doesn’t seem to introduce new procedures or formal normative language, yet it is published on the Standards Track.

In the shepherd write-up I noticed the reasoning:

"Proposed Standard, since this is updating other Proposed Standard documents."

If the draft mainly provides context and background rather than procedures, what is the specific mechanism by which it is considered to be “updating” RFC 9112 and RFC 9298? In other words, does it truly update these RFCs in a standards-track sense, or does it serve more as an explanatory security note?

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# comments
# ========

112 specified host and port. The server replies with a 2xx (Successful)
113 response to indicate that the request was accepted and a TCP
114 connection was established. After this point, the TCP connection is

GV> Do the xx in the above displayed "2xx" have a meaning? I assume that the "2" means successful and that the xx is some code on the type of success? Is there a reference for these?

190 different origin (party 3). Post-transition protocols such as
191 WebSocket similarly are often used to convey data chosen by a third
192 party.

GV> Should there be a reference for the WebSocket protocol added?

Thanks again for this wonderfully written document.

Kind Regards,
Gunter Van de Velde
RTG Area Director
Received on Monday, 8 September 2025 10:18:13 UTC