Ticket #549 (closed editorial: incorporated)
augment security considerations with pointers to current research
|Reported by:||firstname.lastname@example.org||Owned by:||email@example.com|
|Component:||p1-messaging||Severity:||In IESG Evaluation|
There was originally supposed to be a separate deliverable to describe the security properties of HTTP, but that's not happening. I think its fair to say that the security considerations here (or across the entire set) don't really do all of that as well. I think that does leave a gap. However, I'm not sure what to do about that, since I don't believe there's any real chance of getting anyone to address this gap - its been tried and apparently failed, and with lots of security work in HTTP/2.0, its extremely unlikely that a victim will be found for this un-fun task.
That said, I do think it'd be worthwhile if the authors made an attempt to fill that gap by spending some cycles on finding a good set of references to HTTP security topics and adding those to the security considerations sections of p1 and/or p2.
Now, I'm sure that the authors won't want to do that (who ever wants to do a state-of-the-art study? even a tiny one like this) so the point I want to DISCUSS with the IESG initially and then with the chair and authors is whether or not that's a reasonable ask. (So, authors, no need to chime in just yet.)
- Summary changed from augment security considerations to augment security considerations with pointers to current research
- Status changed from new to closed
- Resolution set to incorporated