Last Call: <draft-ietf-websec-key-pinning-19.txt> (Public Key Pinning Extension for HTTP) to Proposed Standard
The IESG <iesg-secretary@ietf.org> Mon, 07 July 2014 13:02 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F5E71A0406; Mon, 7 Jul 2014 06:02:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hcgOmx9eEV5k; Mon, 7 Jul 2014 06:02:04 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C7B11A0016; Mon, 7 Jul 2014 06:02:04 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Last Call: <draft-ietf-websec-key-pinning-19.txt> (Public Key Pinning Extension for HTTP) to Proposed Standard
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.0.p1
Auto-Submitted: auto-generated
Precedence: bulk
Sender: iesg-secretary@ietf.org
Message-ID: <20140707130204.24073.7638.idtracker@ietfa.amsl.com>
Date: Mon, 07 Jul 2014 06:02:04 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-announce/8RQ0B4euIV5QwiSj9Voh2bCJKEc
Cc: websec@ietf.org
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jul 2014 13:02:06 -0000
The IESG has received a request from the Web Security WG (websec) to consider the following document: - 'Public Key Pinning Extension for HTTP' <draft-ietf-websec-key-pinning-19.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2014-08-01. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes an extension to the HTTP protocol allowing web host operators to instruct user agents to remember ("pin") the hosts' cryptographic identities for a given period of time. During that time, UAs will require that the host present a certificate chain including at least one Subject Public Key Info structure whose fingerprint matches one of the pinned fingerprints for that host. By effectively reducing the number of authorities who can authenticate the domain during the lifetime of the pin, pinning may reduce the incidence of man-in-the-middle attacks due to compromised Certification Authorities. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/ballot/ No IPR declarations have been submitted directly on this I-D.