Re: Errata for The Web Origin Concept from Tobias Gondrom on 2012-06-10 (www-archive@w3.org from June 2012)

From: Tobias Gondrom <tobias.gondrom@gondrom.org>
Date: Sun, 10 Jun 2012 11:52:00 +0100
To: julian.reschke@gmx.de
CC: w3c@adambarth.com, annevk@annevk.nl, www-archive@w3.org
Message-ID: <4FD47C50.8040305@gondrom.org>

On 08/06/12 11:19, Julian Reschke wrote:
> On 2012-06-08 09:41, Adam Barth wrote:
>> On Fri, Jun 8, 2012 at 12:31 AM, Anne van Kesteren <annevk@annevk.nl> 
>> wrote:
>>> Not sure where http://tools.ietf.org/html/rfc6454 is discussed these
>>> days, but I think we should issue an errata for the list of origins.
>>> In particular, I think we should not have the list of origins concept
>>> in the platform and only accept a single origin or null. The new
>>> syntax would be:
>>>
>>>   origin         = "Origin:" OWS origin-or-null OWS
>>>   origin-or-null = %x6E %x75 %x6C %x6C / serialized-origin
>>>
>>> It was introduced for CORS, but we decided not to use it there. I
>>> don't think we want it elsewhere either. And leaving things like that
>>> up to choice is bad.
>>>
>>> What do you think?
>>
>> Ok.  We added it for CORS to support redirects.  If you're not using
>> it in CORS, I don't know of any other reason for it existing.
>>
>> I'm not sure how best to handle these issues from a process point of
>> view.  The IETF has an errata process we can try if you like.  I'm
>> open to other suggestions.
>
> If there is agreement that this should change, I recommend submitting 
> an erratum (<http://www.rfc-editor.org/errata.php#reportnew>).
>
> I would expect that this would be classified as "held for document 
> update"; so at some point in the future the RFC would need to be revised.
>
> The right place to discuss this BTW is the ietf websec WG 
> (<http://tools.ietf.org/wg/websec/>).
>
> Best regards, Julian
>
Hello,

Julian is right: RFC6454's home has not changed and is the websec WG at 
the IETF:
http://tools.ietf.org/wg/websec/charters

IETF has received the request for errata.
Best is probably to submit it as an issue in the websec tracker for the 
origin draft / RFC.
(or you can also post it to the websec mailing-list)
However, please note that there would only be action on this item 
if/when RFC6454 gets an update, unless you make a sufficiently strong 
case for why there needs to be an errata/update now or in the very near 
future.

Best regards,
Tobias
(chair of websec)

Received on Sunday, 10 June 2012 10:52:29 UTC