IETF conflict review for draft-secure-cookie-session-protocol
conflict-review-secure-cookie-session-protocol-00
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-11-19 | 00 | Amy Vezza | The following approval message was sent From: The IESG To: "Nevil Brownlee", draft-secure-cookie-session-protocol@tools.ietf.org Cc: The IESG Subject: Results of IETF-conflict review for draft-secure-cookie-session-protocol-08 The IESG has completed a review of draft-secure-cookie-session-protocol-08 consistent with RFC5742. The IESG has no problem with the publication of 'SCS: Secure Cookie Sessions for HTTP' as an Informational RFC. The IESG has concluded that this work is related to IETF work done in the websec and httpbis working groups, but this relationship does not prevent publishing. The IESG would also like the RFC-Editor to review the comments in the datatracker related to this document and determine whether or not they merit incorporation into the document. Comments may exist in both the ballot and the history log. The IESG review is documented at: http://datatracker.ietf.org/doc/conflict-review-secure-cookie-session-protocol/ A URL of the reviewed Internet Draft is: http://datatracker.ietf.org/doc/draft-secure-cookie-session-protocol/ The process for such documents is described at http://www.rfc-editor.org/indsubs.html Thank you, The IESG Secretary |
2012-11-19 | 00 | Amy Vezza | IESG has approved the conflict review response |
2012-11-19 | 00 | Amy Vezza | Closed "Approve" ballot |
2012-11-19 | 00 | Amy Vezza | State changed to Approved No Problem - announcement sent from Approved No Problem - announcement to be sent |
2012-11-15 | 00 | Cindy Morgan | State changed to Approved No Problem - announcement to be sent from IESG Evaluation |
2012-11-15 | 00 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel |
2012-11-15 | 00 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded for Gonzalo Camarillo |
2012-11-14 | 00 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded for Ralph Droms |
2012-11-14 | 00 | Sean Turner | [Ballot comment] No objections to publication. Two questions that I hope the authors might consider: 1) I'm just kind of throwing this one out there: Recently there's been some attacks against the use of compression and encryption. Is this susceptible to the CRIME-like attacks? 2) In a couple of places you discuss multiple servers and server pools. If the server is the only "actor" but now there's more than one "actor" then you're sharing the keys around - right? Where's that mechanism described and where's the security consideration about sharing the key around? And some nits on the draft: s3.2.2: Need reference for AES-CBC-128 s3.2.2: Shameless plug an RFC on appropriateness of HMAC-SHA1: RFC 6194. |
2012-11-14 | 00 | Sean Turner | [Ballot Position Update] New position, No Objection, has been recorded for Sean Turner |
2012-11-14 | 00 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2012-11-14 | 00 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded for Russ Housley |
2012-11-13 | 00 | Wesley Eddy | [Ballot Position Update] New position, No Objection, has been recorded for Wesley Eddy |
2012-11-13 | 00 | Robert Sparks | [Ballot comment] Following the idea in Stephen's comment, I encourage the authors of this draft to further clarify that this is documenting an existing, deployed concept. I found the thread at particularly useful in evaluating this conflict review response, especially messages and . |
2012-11-13 | 00 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded for Robert Sparks |
2012-11-13 | 00 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2012-11-13 | 00 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded for Ronald Bonica |
2012-11-12 | 00 | Stephen Farrell | [Ballot comment] I agree with the idea of putting in the company name. But other distinguishers would also be fine, the idea is just to make it clear somehow that this isn't an IETF piece of work, since it's reasonably likely that a future IETF piece of work might look quite similar as this is a reasonable thing and an IETF standard might well not differ much at all. |
2012-11-12 | 00 | Stephen Farrell | [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell |
2012-11-12 | 00 | Stewart Bryant | [Ballot comment] If it is a company protocol I agree with Barry, but given the open source code availability, it is not clear whether this is proprietary, or open/public. I am confident that the ISE will make the right call on this. |
2012-11-12 | 00 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant |
2012-11-10 | 00 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2012-11-10 | 00 | Pete Resnick | [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick |
2012-11-09 | 00 | Barry Leiba | [Ballot comment] The authors are asked to please add the company name to the title, and to adjust the abstract and introduction to make it clear that this is their company's proposal, presented for the community's information. |
2012-11-09 | 00 | Barry Leiba | Ballot comment text updated for Barry Leiba |
2012-11-09 | 00 | Barry Leiba | New version available: conflict-review-secure-cookie-session-protocol-00.txt |
2012-11-09 | 00 | Barry Leiba | [Ballot Position Update] New position, Yes, has been recorded for Barry Leiba |
2012-11-09 | 00 | Barry Leiba | Created "Approve" ballot |
2012-11-09 | 00 | Barry Leiba | State changed to IESG Evaluation from AD Review |
2012-10-23 | 00 | Barry Leiba | Removed telechat returning item indication |
2012-10-23 | 00 | Barry Leiba | Telechat date has been changed to 2012-11-15 from 2012-10-25 |
2012-10-18 | 00 | Barry Leiba | State changed to AD Review from Needs Shepherd |
2012-10-18 | 00 | Barry Leiba | Posted messages to saag, apps-discuss, httpbis, httpstate, websec, jose, oauth -- requesting community input. |
2012-10-17 | 00 | Barry Leiba | Shepherding AD changed to Barry Leiba |
2012-10-16 | 00 | Cindy Morgan | The draft draft-secure-cookie-session-protocol-08.txt is ready for publication from the Independent Stream. Please ask IESG to review it, as set out in RFC 5742. The following is some background for this draft, please forward it to IESG along with this request ... Abstract: This document provides an overview of SCS, a small cryptographic protocol layered on top of the HTTP cookie facility, that allows its users to produce and consume authenticated and encrypted cookies, as opposed to usual cookies, which are un-authenticated and sent in clear text. It was reviewed by Jim Schaad, who gave Thomas quite a long list of things to improve. He's done that, Jim and I agree that it's ready for IESG review. Thanks, Nevil (ISE) -- Nevil Brownlee (ISE), rfc-ise@rfc-editor.org |
2012-10-16 | 00 | Cindy Morgan | Placed on agenda for telechat - 2012-10-25 |
2012-10-16 | 00 | Cindy Morgan | IETF conflict review requested |