On 08/06/12 11:19, Julian Reschke wrote:
On 2012-06-08 09:41, Adam Barth wrote:
On Fri, Jun 8, 2012 at 12:31 AM, Anne van Kesteren <ann...@annevk.nl> wrote:
Not sure where http://tools.ietf.org/html/rfc6454 is discussed these
days, but I think we should issue an errata for the list of origins.
In particular, I think we should not have the list of origins concept
in the platform and only accept a single origin or null. The new
syntax would be:

  origin         = "Origin:" OWS origin-or-null OWS
  origin-or-null = %x6E %x75 %x6C %x6C / serialized-origin

It was introduced for CORS, but we decided not to use it there. I
don't think we want it elsewhere either. And leaving things like that
up to choice is bad.

What do you think?

Ok.  We added it for CORS to support redirects.  If you're not using
it in CORS, I don't know of any other reason for it existing.

I'm not sure how best to handle these issues from a process point of
view.  The IETF has an errata process we can try if you like.  I'm
open to other suggestions.

If there is agreement that this should change, I recommend submitting an erratum (<http://www.rfc-editor.org/errata.php#reportnew>).

I would expect that this would be classified as "held for document update"; so at some point in the future the RFC would need to be revised.

The right place to discuss this BTW is the ietf websec WG (<http://tools.ietf.org/wg/websec/>).

Best regards, Julian

Hello,

Julian is right: RFC6454's home has not changed and is the websec WG at the IETF:
http://tools.ietf.org/wg/websec/charters

IETF has received the request for errata.
Best is probably to submit it as an issue in the websec tracker for the origin draft / RFC.
(or you can also post it to the websec mailing-list)
However, please note that there would only be action on this item if/when RFC6454 gets an update, unless you make a sufficiently strong case for why there needs to be an errata/update now or in the very near future.

Best regards,
Tobias
(chair of websec)
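The single-origin grammar proposed in the thread, checked against the RFC 6454 origin-list form it would replace. This is an added example, not part of any message above. The function names are hypothetical, and the host pattern is a simplified stand-in for the RFC 3986 `host` rule.

```python
import re

# scheme and port follow RFC 3986. The host pattern is a simplification
# (assumption): a bracketed IP literal or a reg-name/IPv4-style token.
_SCHEME = r"[A-Za-z][A-Za-z0-9+.\-]*"
_HOST = r"(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9._~\-]+)"
_ORIGIN = re.compile(rf"{_SCHEME}://{_HOST}(?::[0-9]*)?")


def parse_origin_or_null(value):
    """Parse an Origin field value under the proposed grammar.

    Returns None for the literal "null", the serialized origin string
    otherwise, and raises ValueError for anything else.
    """
    v = value.strip(" \t")          # OWS = *( SP / HTAB )
    if v == "null":                 # %x6E %x75 %x6C %x6C is case-sensitive
        return None
    if _ORIGIN.fullmatch(v):
        return v
    raise ValueError("not origin-or-null: %r" % value)


def classify(value):
    """Hypothetical helper: label a field value as a receiver would see it."""
    try:
        return "null" if parse_origin_or_null(value) is None else "single"
    except ValueError:
        pass
    # RFC 6454 origin-list: serialized-origin *( SP serialized-origin )
    parts = value.strip(" \t").split(" ")
    if len(parts) > 1 and all(_ORIGIN.fullmatch(p) for p in parts):
        return "list"               # valid in RFC 6454, rejected by the proposal
    return "malformed"


# Constructed sample field values, not taken from real traffic.
SAMPLES = [
    "http://example.com",
    " null\t",
    "http://a.example https://b.example:8443",
    "http://example.com/path",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", classify(s))
```

A receiver that adopts the single-origin grammar can log the `list` case separately from `malformed` to see whether any client still sends the RFC 6454 list form.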
