> Le 29 nov. 2021 à 05:22, Robert Wilton via Datatracker <nore...@ietf.org> a > écrit : > > Robert Wilton has entered the following ballot position for > draft-ietf-regext-rfc7484bis-04: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-regext-rfc7484bis/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Hi, > > Thanks for this document. > > Regarding, 5.3. Bootstrap Service Registry for AS Number Space > > The complete > query is, therefore, "https://example.net/rdaprir2/autnum/65411";. If > the server does not answer, the client can then use another URL > prefix from the array. > > Does allowing URLs over http:// potentially open up the possibility of > downgrade attacks, e.g., DDOS'ing the https version of a service to force it > to > use a service available on an http version instead? Would it be helpful to > describe this in the security section, perhaps recommending that only https:// > URLs are used?
<MB>Will be discussed in a separate thread</MB> > > As a trivial nit, I would suggest "ordered" is better than "sorted" in section > 3, and perhaps also in section 13. <MB>Done in -05</MB> Marc. > > Thanks, > Rob > > > _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
