Hi,
Is this one valid?
https://www.rfc-editor.org/errata/eid6843
> the challenge must be initiated over HTTP, not HTTPS.
What if the host is on a .dev domain? That should be in the HSTS preload
list.
thanks,
Rob
___
Acme mailing list
Acme@ietf.org
ht
oad
> list. The idea of the preload list is an extension of HSTS implemented by
> certain browsers, but other user-agents are under no obligation to respect
> a preload list.
>
> Aaron
>
> On Thu, Jan 11, 2024 at 7:03 PM Rob Sayre wrote:
>
>> Hi,
>>
>> Is
On Thu, Jan 11, 2024 at 7:15 PM Amir Omidi wrote:
> There is nothing blocking .dev domains responding over http. To be
> specific, a TLD can not block a protocol like that.
>
Right, but one should not expect to get a redirect response. The server
shouldn't answer (many of them do, which is a bug
Deb Cooley wrote:
> This is the beginning of a two week WGLC for this draft, which will end on
> 26 Jan.
>
> Please review and comment.
I read it, and would not object to it being published as independent
submission. But, I never object to publishing anything.
I do not think it represents IETF c
On Sun, Jan 14, 2024 at 3:01 AM Deb Cooley wrote:
> I had this marked as 'hold for update' (vs. 'verified'). I can't tell
> from the discussion how you think we should be handling it.
>
The erratum says "the challenge must be initiated over HTTP, not HTTPS.",
which is a little better than the c
On Sun, Jan 14, 2024 at 9:12 PM Aaron Gable wrote:
> On Sun, Jan 14, 2024, 10:12 Rob Sayre wrote:
>
>> On Sun, Jan 14, 2024 at 3:01 AM Deb Cooley wrote:
>>
>>> I had this marked as 'hold for update' (vs. 'verified'). I can't tell
>>&g
On Mon, Jan 15, 2024 at 3:42 AM Deb Cooley wrote:
> Items being brought up for discussion need to have specific and concrete
> examples within scope.
>
I think the issue is that the spec is not specific or concrete:
"Because many web servers
allocate a default HTTPS virtual host to a particul
p for update, I hope
> you will participate.
>
> Deb
>
> On Mon, Jan 15, 2024 at 7:41 AM Rob Sayre wrote:
>
>> On Mon, Jan 15, 2024 at 3:42 AM Deb Cooley wrote:
>>
>>> Items being brought up for discussion need to have specific and
>>> concrete
I was reading the accepted errata, and I noticed the ones about the HTTP
request line.
But... I don't think that concept really applies to versions past HTTP/1.1.
Then, I thought, well maybe they cite HTTP/1.1 directly. But I think
the draft doesn't normatively cite an HTTP RFC (I looked, maybe I
