Re: [websec] Last Call: <draft-ietf-websec-origin-04.txt> (The Web Origi

Below a few late comments..

6. Serializing Origins

- It really really seems that the two algorithms need to be swapped (thefirst one converts to ASCII, but the second does not).


- Also, I'd prefer a declarative definition.

7. The HTTP Origin header

- header *field*

- the syntax doesn't allow multiple header fields, and the prose saysclients MUST NOT generate them; what is the recipient supposed to dowhen it get's multiple instances anyway? Is the default approach(ignoring them all) good enough? Do we need to warn recipients so thatthey check?


11. References

- the WEBSOCKETS reference should be updated (if a new draft is produced)

Best regards, Julian
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: Hyatt Taipei cancellation policy?, Michael Richardson

Next by Date:

Re: [mpls] Last Call: <draft-ietf-mpls-tp-on-demand-cv-06.txt> (MPLSOn-demand Connectivity Verification and Route Tracing) toProposed Standard, Yoshinori Koike

Previous by Thread:

Questionnaire to survey opinion concerning a possible redefinition of UTC, Stephane Bortzmeyer

Next by Thread:

GEN-ART review of draft-ietf-krb-wg-clear-text-cred-02, kathleen.moriarty

Indexes:

[Date] [Thread] [Top] [All Lists]

Re: [websec] Last Call: <draft-ietf-websec-origin-04.txt> (The Web Origin Concept) to Proposed Standard