Re: [websec] WG Last Call for -strict-transport-sec-05 - COMMENTSRe: [websec] WG Last Call for -strict-transport-sec-05 - COMMENTS
Tobias Gondrom
2012-03-11
websec
/arch/msg/websec/NMkHGgXdrnBzQqljZcw5ugak26A/
1504523
1665270
Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
Julian Reschke
2012-03-10
websec
/arch/msg/websec/I3wn-RCrCfkcyB6fbIVqtLAmZqE/
1504522
1665250
Re: [websec] #10: note that end-entity certs can be dristrib'd to http clients ?Re: [websec] #10: note that end-entity certs can be dristrib'd to http clients ?
websec issue tracker
2012-03-09
websec
/arch/msg/websec/jY0wCMGcG3e4Kpn1V1VWMJOcLXk/
1504521
1665397
Re: [websec] #11: failing insecure connections and user recourseRe: [websec] #11: failing insecure connections and user recourse
websec issue tracker
2012-03-09
websec
/arch/msg/websec/2EXE6rh9xXnglLcSkOsnLgB5hjI/
1504520
1665393
Re: [websec] #12: Remove dependencies on HTTPbis and depend on RFC2616 onlyRe: [websec] #12: Remove dependencies on HTTPbis and depend on RFC2616 only
websec issue tracker
2012-03-09
websec
/arch/msg/websec/cFHE3GitN1yZbczKpJgi1KYX1sU/
1504519
1665390
Re: [websec] #13: clarify that max-age=0 will cause UA to forget a known HSTS hostRe: [websec] #13: clarify that max-age=0 will cause UA to forget a known HSTS host
websec issue tracker
2012-03-09
websec
/arch/msg/websec/RruxOWsSZQyTotydT5vqqRx-to8/
1504518
1665269
Re: [websec] #14: Effective Request URI definition issuesRe: [websec] #14: Effective Request URI definition issues
websec issue tracker
2012-03-09
websec
/arch/msg/websec/tu8_WwSxuo72Hpi7OJNeWkdyqsU/
1504517
1665369
Re: [websec] #27: HSTS header ABNF is a hybrid of RFC2616 and httpbis and is overly complex and brokenRe: [websec] #27: HSTS header ABNF is a hybrid of RFC2616 and httpbis and is overly complex and broken
websec issue tracker
2012-03-09
websec
/arch/msg/websec/RUdw_-BUEAIKDww6VSuFdmveWnI/
1504516
1665324
Re: [websec] #28: HSTS spec unclear about the denotation of "HSTS policy"Re: [websec] #28: HSTS spec unclear about the denotation of "HSTS policy"
websec issue tracker
2012-03-09
websec
/arch/msg/websec/KlicQM8Q9XoZML2i4bpszuV463E/
1504515
1665323
Re: [websec] #29: HSTS: dismbiguate "mixed content" term & provide referenceRe: [websec] #29: HSTS: dismbiguate "mixed content" term & provide reference
websec issue tracker
2012-03-09
websec
/arch/msg/websec/se69wKt43FifAOzZVprUnqLqtAU/
1504514
1665322
Re: [websec] #30: HSTS: add an informational reference to RFC 4732: Denial-of-Service ConsiderationsRe: [websec] #30: HSTS: add an informational reference to RFC 4732: Denial-of-Service Considerations
websec issue tracker
2012-03-09
websec
/arch/msg/websec/gPYmMmUtqScwpVe_aLBmYHQgKq8/
1504513
1665321
Re: [websec] #31: HSTS: mention case insesitivity in prose for "max-age" and "includeSubDomains"Re: [websec] #31: HSTS: mention case insesitivity in prose for "max-age" and "includeSubDomains"
websec issue tracker
2012-03-09
websec
/arch/msg/websec/FVgKi85G_IxEexz_i-yK5K4MP1M/
1504512
1665320
Re: [websec] #32: HSTS: explain some practical implications of includeSubDomains directiveRe: [websec] #32: HSTS: explain some practical implications of includeSubDomains directive
websec issue tracker
2012-03-09
websec
/arch/msg/websec/e5_Li29RWp3UeLCCVuRjtcbAJyw/
1504511
1665294
Re: [websec] #33: HSTS: quoted-string grammar in (extension) directives ?Re: [websec] #33: HSTS: quoted-string grammar in (extension) directives ?
websec issue tracker
2012-03-09
websec
/arch/msg/websec/w5OZrnYZ0r0MJTW6oac63EjX1M0/
1504510
1665291
Re: [websec] #34: HSTS cache manipulation and misuse by server enabled by wildcard certRe: [websec] #34: HSTS cache manipulation and misuse by server enabled by wildcard cert
websec issue tracker
2012-03-09
websec
/arch/msg/websec/tn34b4rtBaY99mOzsgmgPGw2Ti8/
1504509
1665285
Re: [websec] #35: HSTS spec could be more clear about UA behavior behind proxiesRe: [websec] #35: HSTS spec could be more clear about UA behavior behind proxies
websec issue tracker
2012-03-09
websec
/arch/msg/websec/4-NqI4iVCsibNYhvsH65zxA-L8I/
1504508
1665281
Re: [websec] #36: HSTS: fixup referencesRe: [websec] #36: HSTS: fixup references
websec issue tracker
2012-03-09
websec
/arch/msg/websec/hDuNIy2AQzvkB5WJeFDmjFjp__E/
1504507
1665280
Re: [websec] #26: reference IDNA2008 as well as IDNA2003Re: [websec] #26: reference IDNA2008 as well as IDNA2003
websec issue tracker
2012-03-09
websec
/arch/msg/websec/TjkQy12l-t9_sxfjkFLyAb6QBnk/
1504506
1665325
[websec] WG Last Call for -strict-transport-sec-05 ?[websec] WG Last Call for -strict-transport-sec-05 ?
=JeffH
2012-03-09
websec
/arch/msg/websec/jU7RV3HJaMFgyLMya6-pTn-LEM0/
1504505
1665270
Re: [websec] #9: explicitly note revocation check failures as errors causing connection termination?Re: [websec] #9: explicitly note revocation check failures as errors causing connection termination?
websec issue tracker
2012-03-09
websec
/arch/msg/websec/D0lSfH5vjkZT2yEb3iDxPd146HY/
1504504
1665398
Re: [websec] #8: clarify/explain behavior when STS header not returned by known HSTS HostRe: [websec] #8: clarify/explain behavior when STS header not returned by known HSTS Host
websec issue tracker
2012-03-09
websec
/arch/msg/websec/EyE7ahFV9eCjH82quHaXgSyAUiM/
1504503
1665399
Re: [websec] #7: clarify and add examples/justification wrt connection termination due to tls warnings/errorsRe: [websec] #7: clarify and add examples/justification wrt connection termination due to tls warnings/errors
websec issue tracker
2012-03-09
websec
/arch/msg/websec/sPLdtjrmtGmDtHEVi1IZDdOZ6II/
1504502
1665400
Re: [websec] #6: cite FireSheep as real-life threat HSTS addressesRe: [websec] #6: cite FireSheep as real-life threat HSTS addresses
websec issue tracker
2012-03-09
websec
/arch/msg/websec/3Tg17jszbxHSJo7TUl7ijypTWXo/
1504501
1665401
Re: [websec] #5: Clarify need for IncludeSubDomainsRe: [websec] #5: Clarify need for IncludeSubDomains
websec issue tracker
2012-03-09
websec
/arch/msg/websec/rajnMxFFnPzdo7ZvyEOht1gnxMc/
1504500
1665402
Re: [websec] #4: Clarify that HSTS policy applies to entire host (all ports)Re: [websec] #4: Clarify that HSTS policy applies to entire host (all ports)
websec issue tracker
2012-03-09
websec
/arch/msg/websec/fhyvNzgYm8AAdX2l3x0BhOwOnF4/
1504499
1665403
Re: [websec] #3: Better Effective Request URI definitionRe: [websec] #3: Better Effective Request URI definition
websec issue tracker
2012-03-09
websec
/arch/msg/websec/JMNysoYhTWGntDoRuHi0yHukNR8/
1504498
1665404
Re: [websec] #2: Effective Request URI definition dependency on HTTPbis spec ?Re: [websec] #2: Effective Request URI definition dependency on HTTPbis spec ?
websec issue tracker
2012-03-09
websec
/arch/msg/websec/x-gyD33ijLpzWxXbkODx9R-goyM/
1504497
1665405
Re: [websec] #1: port mapping should be explicit about case where URI does not contain explicit portRe: [websec] #1: port mapping should be explicit about case where URI does not contain explicit port
websec issue tracker
2012-03-09
websec
/arch/msg/websec/EVjXhy92gwGnJx9a29IEMstyEt8/
1504496
1665406
[websec] new rev: draft-ietf-websec-strict-transport-sec-05[websec] new rev: draft-ietf-websec-strict-transport-sec-05
=JeffH
2012-03-09
websec
/arch/msg/websec/F-dtOXaIaHUZAXeKQJoLrJFEQkY/
1504495
1665271
[websec] I-D Action: draft-ietf-websec-strict-transport-sec-05.txt[websec] I-D Action: draft-ietf-websec-strict-transport-sec-05.txt
internet-drafts
2012-03-09
websec
/arch/msg/websec/zFW_4hNLQPL_1yb3AicxkJNHU3E/
1504494
1665272
Re: [websec] #33: HSTS: quoted-string grammar in (extension) directives ?Re: [websec] #33: HSTS: quoted-string grammar in (extension) directives ?
websec issue tracker
2012-03-09
websec
/arch/msg/websec/I2sa1IFvLuMB0JPzS0YZ1tR2j_I/
1504493
1665291
[websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04[websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
=JeffH
2012-03-09
websec
/arch/msg/websec/19lGuTESYWm42iLE717Ce_I-vCw/
1504492
1665250
Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
Julian Reschke
2012-03-09
websec
/arch/msg/websec/hisMFNUQAaOZozkF18aUhlobQgo/
1504491
1665250
[websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04[websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
=JeffH
2012-03-08
websec
/arch/msg/websec/SvXYh6XU4Yy2C28dvBURJRAPPMc/
1504490
1665250
Re: [websec] #36: HSTS: fixup referencesRe: [websec] #36: HSTS: fixup references
websec issue tracker
2012-03-08
websec
/arch/msg/websec/QM9W2z8txXUbutl3gO05ErbXLkY/
1504489
1665280
[websec] Fwd: I-D Action: draft-nir-websec-extended-origin-02.txt[websec] Fwd: I-D Action: draft-nir-websec-extended-origin-02.txt
Yoav Nir
2012-03-06
websec
/arch/msg/websec/mqM0dbLaT8DDUsoCKatJlvhEzog/
1504488
1665273
Re: [websec] Frame-Options header and intermediate framesRe: [websec] Frame-Options header and intermediate frames
Tobias Gondrom
2012-03-05
websec
/arch/msg/websec/xnTdWEfFPVpFVdpGYc_Uy3c3l0I/
1504487
1665274
Re: [websec] I-D Action: draft-nir-websec-extended-origin-00.txtRe: [websec] I-D Action: draft-nir-websec-extended-origin-00.txt
Yoav Nir
2012-03-04
websec
/arch/msg/websec/pYxwgKufMwvAmQPnP05lYesXtjo/
1504486
1665276
Re: [websec] Fwd: I-D Action: draft-nir-websec-extended-origin-00.txtRe: [websec] Fwd: I-D Action: draft-nir-websec-extended-origin-00.txt
Tobias Gondrom
2012-03-03
websec
/arch/msg/websec/FV5_XAnino8NnK4Ty1ANS9XzbwI/
1504485
1665276
Re: [websec] I-D Action: draft-nir-websec-extended-origin-00.txtRe: [websec] I-D Action: draft-nir-websec-extended-origin-00.txt
Adam Barth
2012-02-26
websec
/arch/msg/websec/RCn26mAFFL1SP78-yBCZSsfYE08/
1504484
1665276
2399 Messages