#549 closed editorial (incorporated)
augment security considerations with pointers to current research
| Reported by: | julian.reschke@… | Owned by: | draft-ietf-httpbis-p1-messaging@… |
|---|---|---|---|
| Priority: | normal | Milestone: | 26 |
| Component: | p1-messaging | Severity: | In IESG Evaluation |
| Keywords: | | Cc: | |
Description
Stephen Farrell
Discuss (2013-12-19)
There was originally supposed to be a separate deliverable to describe the security properties of HTTP, but that's not happening. I think it's fair to say that the security considerations here (or across the entire set) don't really do all of that as well. I think that does leave a gap. However, I'm not sure what to do about that, since I don't believe there's any real chance of getting anyone to address this gap - it's been tried and apparently failed, and with lots of security work in HTTP/2.0, it's extremely unlikely that a victim will be found for this un-fun task.
That said, I do think it'd be worthwhile if the authors made an attempt to fill that gap by spending some cycles on finding a good set of references to HTTP security topics and adding those to the security considerations sections of p1 and/or p2.
Now, I'm sure that the authors won't want to do that (who ever wants to do a state-of-the-art study? even a tiny one like this) so the point I want to DISCUSS with the IESG initially and then with the chair and authors is whether or not that's a reasonable ask. (So, authors, no need to chime in just yet.)
Attachments (1)
Change History (10)
comment:1 Changed 8 years ago by julian.reschke@…
- Summary changed from augment security considerations to augment security considerations with pointers to current research
Changed 8 years ago by julian.reschke@…
comment:2 Changed 8 years ago by julian.reschke@…
comment:3 Changed 8 years ago by julian.reschke@…
- Resolution set to incorporated
- Status changed from new to closed
Proposed patch for p1