Re: [HASMAT] "STS" moniker (was: IETF BoF @IETF-78 Maastricht: HASMAT...)

=JeffH <Jeff.Hodges@KingsMountain.com> Wed, 30 June 2010 20:03 UTC

Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: hasmat@core3.amsl.com
Delivered-To: hasmat@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BEC263A6924 for <hasmat@core3.amsl.com>; Wed, 30 Jun 2010 13:03:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.878
X-Spam-Level:
X-Spam-Status: No, score=-0.878 tagged_above=-999 required=5 tests=[AWL=-1.027, BAYES_40=-0.185, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9runfxFyzfUQ for <hasmat@core3.amsl.com>; Wed, 30 Jun 2010 13:03:50 -0700 (PDT)
Received: from cpoproxy1-pub.bluehost.com (cpoproxy1-pub.bluehost.com [69.89.21.11]) by core3.amsl.com (Postfix) with SMTP id BE9903A68F3 for <hasmat@ietf.org>; Wed, 30 Jun 2010 13:03:47 -0700 (PDT)
Received: (qmail 9008 invoked by uid 0); 30 Jun 2010 20:03:58 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by cpoproxy1.bluehost.com with SMTP; 30 Jun 2010 20:03:58 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=kingsmountain.com; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding:X-Identified-User; b=RwQOOsj+mu+tV1kGISODgSyRhKSl8Wb3l+KV3MeIvq3N5re0HCr7uZVtd27Kxz2i4V3AbnoTtQVw+Sl5rdbjCpiP4Hn+F8/Faa/Tn0s5aiQpDxG68M9TAxYj0MBZoMWr;
Received: from outbound4.ebay.com ([216.113.168.128] helo=[10.244.48.126]) by box514.bluehost.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1OU3Vm-0007yP-Cy for hasmat@ietf.org; Wed, 30 Jun 2010 14:03:58 -0600
Message-ID: <4C2BA32E.50301@KingsMountain.com>
Date: Wed, 30 Jun 2010 13:03:58 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: IETF HASMAT list <hasmat@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Subject: Re: [HASMAT] "STS" moniker (was: IETF BoF @IETF-78 Maastricht: HASMAT...)
X-BeenThere: hasmat@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: HTTP Application Security Minus Authentication and Transport <hasmat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hasmat>, <mailto:hasmat-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hasmat>
List-Post: <mailto:hasmat@ietf.org>
List-Help: <mailto:hasmat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hasmat>, <mailto:hasmat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2010 20:03:51 -0000

 > Quick nit/suggestion: ... is there any chance of renaming STS to something
 > else?  Reason is (as you know) STS is used in WSS literature as Security
 > Token Service. This term has also made it into the OAuth drafts.


Well, from an HTTP perspective, "Strict Transport Security" is what made most 
sense to a number of colleagues when we were discussing names. However, I've 
been thinking that we should probably qualify the name because it /is/ 
HTTP-specfic, i.e. "HTTP Strict Transport Security" yielding "HSTS" as an 
acronym (yes, I'm well aware of the acronym collision you mention).

=JeffH