On Sun, Jun 26, 2011 at 2:57 PM, Chris Weber <[email protected]> wrote: > A couple of questions: > > 1) Do you have a reference to the "chrome-extension URI scheme"? I was just > trying to figure out what it was.
I'll add a reference. It's not standard, but it's used in the Chrome extension system. Basically, the URLs look like the following: chrome-extension://ankgjoopnopeoeljehjkighfcfefalcg/foo.html ankgjoopnopeoeljehjkighfcfefalcg is (roughly) a fingerprint of a public key. > 2) In section 6.1 where it says: > > "4. Apply the IDNA ToUnicode algorithm [RFC5891] to each component of > the host part of the origin triple" > > Should the reference be to Section 4.2 "ToUnicode" of RFC3490 > http://tools.ietf.org/html/rfc3490#section-4.2, or Section 5.2 "Conversion > to Unicode" of RFC 5891 http://tools.ietf.org/html/rfc5891#section-5.2? http://tools.ietf.org/html/draft-ietf-websec-origin-02#section-10.1 [[ IDNA2008 [RFC5890] supersedes IDNA2003 [RFC3490] but is not backwards-compatible. For this reason, there will be a transition period (possibly of a number of years). User agents SHOULD implement IDNA2008 [RFC5890] and MAY implement [Unicode Technical Standard #46 <http://unicode.org/reports/tr46/>] in order to facilitate a smoother IDNA transition. If a user agent does not implement IDNA2008, the user agent MUST implement IDNA2003 [RFC3490]. ]] which is a polite way of saying that the authors of RFC 5891 didn't pay attention to the constraints of some implementors, which means those implementors will probably ignore RFC 5891 for the foreseeable future. Adam > On 6/24/2011 1:59 PM, Adam Barth wrote: > > I've posted an updated version of the origin draft: > > http://www.ietf.org/id/draft-ietf-websec-origin-02.txt > > The new version includes Security Considerations, IANA Considerations, > and a completed references section. Feedback on the new Security > Considerations section would be much appreciated. > > I also removed the (stub) Privacy Considerations section. If there's > something you think should be discussed there, let me know. > > Thanks, > Adam > _______________________________________________ > websec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/websec > > _______________________________________________ > websec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/websec > > _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
