FYI, a new draft in the IETF HTTPbis WG about the Upgrade: header which we use for opportunistic encryption of IPP requests. So far they are happy with the RFC 2817 security considerations for TLS upgrade so no changes we need to be aware of...
> Begin forwarded message:
>> From: internet-drafts at ietf.org> Subject: I-D Action: draft-ietf-httpbis-optimistic-upgrade-00.txt
> Date: July 2, 2024 at 9:13:03 AM EDT
> To: <i-d-announce at ietf.org>
> Cc: ietf-http-wg at w3.org> Resent-From: ietf-http-wg at w3.org> Reply-To: ietf-http-wg at w3.org>> Internet-Draft draft-ietf-httpbis-optimistic-upgrade-00.txt is now available.
> It is a work item of the HTTP (HTTPBIS) WG of the IETF.
>> Title: Security Considerations for Optimistic Use of HTTP Upgrade
> Author: Benjamin M. Schwartz
> Name: draft-ietf-httpbis-optimistic-upgrade-00.txt
> Pages: 9
> Dates: 2024-07-02
>> Abstract:
>> The HTTP/1.1 Upgrade mechanism allows the client to request a change
> to a new protocol. This document discusses the security
> considerations that apply to data sent by the client before this
> request is confirmed, and updates RFC 9298 to avoid related security
> issues.
>> The IETF datatracker status page for this Internet-Draft is:
>https://datatracker.ietf.org/doc/draft-ietf-httpbis-optimistic-upgrade/>> There is also an HTML version available at:
>https://www.ietf.org/archive/id/draft-ietf-httpbis-optimistic-upgrade-00.html>> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>>>
________________________
Michael Sweet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20240702/cbd0772e/attachment.html>