Re: [websec] WG Last Call for -strict-transport-sec-05 - COMMENTSRe: [websec] WG Last Call for -strict-transport-sec-05 - COMMENTS
=JeffH
2012-03-12
websec
/arch/msg/websec/ZI16t9Yd38TOw0l_6haFyx-9Nao
1504526
1665265
Re: [websec] new rev: draft-ietf-websec-strict-transport-sec-05Re: [websec] new rev: draft-ietf-websec-strict-transport-sec-05
Tobias Gondrom
2012-03-11
websec
/arch/msg/websec/1plK2h5OVDUKFIrZKZhUbXrUA2I
1504525
1665271
[websec] #37: Clarify that superdomain HSTS flag does not update max-age of subdomain's HSTS max-age and vice versa[websec] #37: Clarify that superdomain HSTS flag does not update max-age of subdomain's HSTS max-age and vice versa
websec issue tracker
2012-03-11
websec
/arch/msg/websec/H3_Jpqk2gjYh_nahfgBc1eoYD9E
1504524
1665268
Re: [websec] WG Last Call for -strict-transport-sec-05 - COMMENTSRe: [websec] WG Last Call for -strict-transport-sec-05 - COMMENTS
Tobias Gondrom
2012-03-11
websec
/arch/msg/websec/NMkHGgXdrnBzQqljZcw5ugak26A
1504523
1665270
Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
Julian Reschke
2012-03-10
websec
/arch/msg/websec/I3wn-RCrCfkcyB6fbIVqtLAmZqE
1504522
1665250
Re: [websec] #10: note that end-entity certs can be dristrib'd to http clients ?Re: [websec] #10: note that end-entity certs can be dristrib'd to http clients ?
websec issue tracker
2012-03-09
websec
/arch/msg/websec/jY0wCMGcG3e4Kpn1V1VWMJOcLXk
1504521
1665397
Re: [websec] #11: failing insecure connections and user recourseRe: [websec] #11: failing insecure connections and user recourse
websec issue tracker
2012-03-09
websec
/arch/msg/websec/2EXE6rh9xXnglLcSkOsnLgB5hjI
1504520
1665393
Re: [websec] #12: Remove dependencies on HTTPbis and depend on RFC2616 onlyRe: [websec] #12: Remove dependencies on HTTPbis and depend on RFC2616 only
websec issue tracker
2012-03-09
websec
/arch/msg/websec/cFHE3GitN1yZbczKpJgi1KYX1sU
1504519
1665390
Re: [websec] #13: clarify that max-age=0 will cause UA to forget a known HSTS hostRe: [websec] #13: clarify that max-age=0 will cause UA to forget a known HSTS host
websec issue tracker
2012-03-09
websec
/arch/msg/websec/RruxOWsSZQyTotydT5vqqRx-to8
1504518
1665269
Re: [websec] #14: Effective Request URI definition issuesRe: [websec] #14: Effective Request URI definition issues
websec issue tracker
2012-03-09
websec
/arch/msg/websec/tu8_WwSxuo72Hpi7OJNeWkdyqsU
1504517
1665369
Re: [websec] #27: HSTS header ABNF is a hybrid of RFC2616 and httpbis and is overly complex and brokenRe: [websec] #27: HSTS header ABNF is a hybrid of RFC2616 and httpbis and is overly complex and broken
websec issue tracker
2012-03-09
websec
/arch/msg/websec/RUdw_-BUEAIKDww6VSuFdmveWnI
1504516
1665324
Re: [websec] #28: HSTS spec unclear about the denotation of "HSTS policy"Re: [websec] #28: HSTS spec unclear about the denotation of "HSTS policy"
websec issue tracker
2012-03-09
websec
/arch/msg/websec/KlicQM8Q9XoZML2i4bpszuV463E
1504515
1665323
Re: [websec] #29: HSTS: dismbiguate "mixed content" term & provide referenceRe: [websec] #29: HSTS: dismbiguate "mixed content" term & provide reference
websec issue tracker
2012-03-09
websec
/arch/msg/websec/se69wKt43FifAOzZVprUnqLqtAU
1504514
1665322
Re: [websec] #30: HSTS: add an informational reference to RFC 4732: Denial-of-Service ConsiderationsRe: [websec] #30: HSTS: add an informational reference to RFC 4732: Denial-of-Service Considerations
websec issue tracker
2012-03-09
websec
/arch/msg/websec/gPYmMmUtqScwpVe_aLBmYHQgKq8
1504513
1665321
Re: [websec] #31: HSTS: mention case insesitivity in prose for "max-age" and "includeSubDomains"Re: [websec] #31: HSTS: mention case insesitivity in prose for "max-age" and "includeSubDomains"
websec issue tracker
2012-03-09
websec
/arch/msg/websec/FVgKi85G_IxEexz_i-yK5K4MP1M
1504512
1665320
Re: [websec] #32: HSTS: explain some practical implications of includeSubDomains directiveRe: [websec] #32: HSTS: explain some practical implications of includeSubDomains directive
websec issue tracker
2012-03-09
websec
/arch/msg/websec/e5_Li29RWp3UeLCCVuRjtcbAJyw
1504511
1665294
Re: [websec] #33: HSTS: quoted-string grammar in (extension) directives ?Re: [websec] #33: HSTS: quoted-string grammar in (extension) directives ?
websec issue tracker
2012-03-09
websec
/arch/msg/websec/w5OZrnYZ0r0MJTW6oac63EjX1M0
1504510
1665291
Re: [websec] #34: HSTS cache manipulation and misuse by server enabled by wildcard certRe: [websec] #34: HSTS cache manipulation and misuse by server enabled by wildcard cert
websec issue tracker
2012-03-09
websec
/arch/msg/websec/tn34b4rtBaY99mOzsgmgPGw2Ti8
1504509
1665285
Re: [websec] #35: HSTS spec could be more clear about UA behavior behind proxiesRe: [websec] #35: HSTS spec could be more clear about UA behavior behind proxies
websec issue tracker
2012-03-09
websec
/arch/msg/websec/4-NqI4iVCsibNYhvsH65zxA-L8I
1504508
1665281
Re: [websec] #36: HSTS: fixup referencesRe: [websec] #36: HSTS: fixup references
websec issue tracker
2012-03-09
websec
/arch/msg/websec/hDuNIy2AQzvkB5WJeFDmjFjp__E
1504507
1665280
Re: [websec] #26: reference IDNA2008 as well as IDNA2003Re: [websec] #26: reference IDNA2008 as well as IDNA2003
websec issue tracker
2012-03-09
websec
/arch/msg/websec/TjkQy12l-t9_sxfjkFLyAb6QBnk
1504506
1665325
[websec] WG Last Call for -strict-transport-sec-05 ?[websec] WG Last Call for -strict-transport-sec-05 ?
=JeffH
2012-03-09
websec
/arch/msg/websec/jU7RV3HJaMFgyLMya6-pTn-LEM0
1504505
1665270
Re: [websec] #9: explicitly note revocation check failures as errors causing connection termination?Re: [websec] #9: explicitly note revocation check failures as errors causing connection termination?
websec issue tracker
2012-03-09
websec
/arch/msg/websec/D0lSfH5vjkZT2yEb3iDxPd146HY
1504504
1665398
Re: [websec] #8: clarify/explain behavior when STS header not returned by known HSTS HostRe: [websec] #8: clarify/explain behavior when STS header not returned by known HSTS Host
websec issue tracker
2012-03-09
websec
/arch/msg/websec/EyE7ahFV9eCjH82quHaXgSyAUiM
1504503
1665399
Re: [websec] #7: clarify and add examples/justification wrt connection termination due to tls warnings/errorsRe: [websec] #7: clarify and add examples/justification wrt connection termination due to tls warnings/errors
websec issue tracker
2012-03-09
websec
/arch/msg/websec/sPLdtjrmtGmDtHEVi1IZDdOZ6II
1504502
1665400
Re: [websec] #6: cite FireSheep as real-life threat HSTS addressesRe: [websec] #6: cite FireSheep as real-life threat HSTS addresses
websec issue tracker
2012-03-09
websec
/arch/msg/websec/3Tg17jszbxHSJo7TUl7ijypTWXo
1504501
1665401
Re: [websec] #5: Clarify need for IncludeSubDomainsRe: [websec] #5: Clarify need for IncludeSubDomains
websec issue tracker
2012-03-09
websec
/arch/msg/websec/rajnMxFFnPzdo7ZvyEOht1gnxMc
1504500
1665402
Re: [websec] #4: Clarify that HSTS policy applies to entire host (all ports)Re: [websec] #4: Clarify that HSTS policy applies to entire host (all ports)
websec issue tracker
2012-03-09
websec
/arch/msg/websec/fhyvNzgYm8AAdX2l3x0BhOwOnF4
1504499
1665403
Re: [websec] #3: Better Effective Request URI definitionRe: [websec] #3: Better Effective Request URI definition
websec issue tracker
2012-03-09
websec
/arch/msg/websec/JMNysoYhTWGntDoRuHi0yHukNR8
1504498
1665404
Re: [websec] #2: Effective Request URI definition dependency on HTTPbis spec ?Re: [websec] #2: Effective Request URI definition dependency on HTTPbis spec ?
websec issue tracker
2012-03-09
websec
/arch/msg/websec/x-gyD33ijLpzWxXbkODx9R-goyM
1504497
1665405
Re: [websec] #1: port mapping should be explicit about case where URI does not contain explicit portRe: [websec] #1: port mapping should be explicit about case where URI does not contain explicit port
websec issue tracker
2012-03-09
websec
/arch/msg/websec/EVjXhy92gwGnJx9a29IEMstyEt8
1504496
1665406
[websec] new rev: draft-ietf-websec-strict-transport-sec-05[websec] new rev: draft-ietf-websec-strict-transport-sec-05
=JeffH
2012-03-09
websec
/arch/msg/websec/F-dtOXaIaHUZAXeKQJoLrJFEQkY
1504495
1665271
[websec] I-D Action: draft-ietf-websec-strict-transport-sec-05.txt[websec] I-D Action: draft-ietf-websec-strict-transport-sec-05.txt
internet-drafts
2012-03-09
websec
/arch/msg/websec/zFW_4hNLQPL_1yb3AicxkJNHU3E
1504494
1665272
Re: [websec] #33: HSTS: quoted-string grammar in (extension) directives ?Re: [websec] #33: HSTS: quoted-string grammar in (extension) directives ?
websec issue tracker
2012-03-09
websec
/arch/msg/websec/I2sa1IFvLuMB0JPzS0YZ1tR2j_I
1504493
1665291
[websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04[websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
=JeffH
2012-03-09
websec
/arch/msg/websec/19lGuTESYWm42iLE717Ce_I-vCw
1504492
1665250
Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
Julian Reschke
2012-03-09
websec
/arch/msg/websec/hisMFNUQAaOZozkF18aUhlobQgo
1504491
1665250
[websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04[websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
=JeffH
2012-03-08
websec
/arch/msg/websec/SvXYh6XU4Yy2C28dvBURJRAPPMc
1504490
1665250
Re: [websec] #36: HSTS: fixup referencesRe: [websec] #36: HSTS: fixup references
websec issue tracker
2012-03-08
websec
/arch/msg/websec/QM9W2z8txXUbutl3gO05ErbXLkY
1504489
1665280
[websec] Fwd: I-D Action: draft-nir-websec-extended-origin-02.txt[websec] Fwd: I-D Action: draft-nir-websec-extended-origin-02.txt
Yoav Nir
2012-03-06
websec
/arch/msg/websec/mqM0dbLaT8DDUsoCKatJlvhEzog
1504488
1665273
Re: [websec] Frame-Options header and intermediate framesRe: [websec] Frame-Options header and intermediate frames
Tobias Gondrom
2012-03-05
websec
/arch/msg/websec/xnTdWEfFPVpFVdpGYc_Uy3c3l0I
1504487
1665274
2399 Messages