Last Call: <draft-ietf-websec-strict-transport-sec-11.txt> (HTTP Strict Transport Security (HSTS)) to Proposed Standard
The IESG <iesg-secretary@ietf.org> Wed, 11 July 2012 15:09 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72AC321F8714; Wed, 11 Jul 2012 08:09:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.525
X-Spam-Level:
X-Spam-Status: No, score=-102.525 tagged_above=-999 required=5 tests=[AWL=0.074, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xKoK8kETwbRi; Wed, 11 Jul 2012 08:09:08 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE25521F870E; Wed, 11 Jul 2012 08:09:08 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Last Call: <draft-ietf-websec-strict-transport-sec-11.txt> (HTTP Strict Transport Security (HSTS)) to Proposed Standard
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p3
Message-ID: <20120711150908.6635.16188.idtracker@ietfa.amsl.com>
Date: Wed, 11 Jul 2012 08:09:08 -0700
Cc: websec@ietf.org
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 15:09:09 -0000
The IESG has received a request from the Web Security WG (websec) to consider the following document: - 'HTTP Strict Transport Security (HSTS)' <draft-ietf-websec-strict-transport-sec-11.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2012-07-25. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This specification defines a mechanism enabling web sites to declare themselves accessible only via secure connections, and/or for users to be able to direct their user agent(s) to interact with given sites only over secure connections. This overall policy is referred to as HTTP Strict Transport Security (HSTS). The policy is declared by web sites via the Strict-Transport-Security HTTP response header field, and/or by other means, such as user agent configuration, for example. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ballot/ This Proposed Standard has downrefs to the following Informational RFCs: RFC 2818, HTTP Over TLS RFC 5895, Mapping Characters for IDNA ...and a normative reference to the following obsolete RFC, which is cited alongside its replacement: RFC 3490, Internationalizing Domain Names in Applications No IPR declarations have been submitted directly on this I-D.