[saag] Fwd: Last Call: <draft-foudil-securitytxt-08.txt> (A Method for Web Security Policies) to Informational RFC

Yakov Shafranovich <yakov@nightwatchcybersecurity.com> Mon, 09 December 2019 21:53 UTC

Return-Path: <yakov@nightwatchcybersecurity.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C5E31200C5 for <saag@ietfa.amsl.com>; Mon, 9 Dec 2019 13:53:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nightwatchcybersecurity-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wI3G-uIS3uR5 for <saag@ietfa.amsl.com>; Mon, 9 Dec 2019 13:53:46 -0800 (PST)
Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF146120086 for <saag@ietf.org>; Mon, 9 Dec 2019 13:53:45 -0800 (PST)
Received: by mail-pj1-x102d.google.com with SMTP id g4so6448091pjs.10 for <saag@ietf.org>; Mon, 09 Dec 2019 13:53:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nightwatchcybersecurity-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Qa8pRK71b96CW64UFatNA4rnXecCxAw54GFGNESxbqE=; b=qgxXIiZZ9MdMXKvI1yPry3WVXv+f9E73Rt29n1qs9jisagl5HeoOixodPKDwDRouzo 4dLM4LBNQqOv/Vps9+1URSZ12I64YNnidNzXAaCYtOKbcKkfn4LUcbMtD8NlHCsRwk/6 jzftlsWeq9RAywunLNBA+O64Q2G7NZdKM9Wux7r6iLyfRj3470Zh5y2oxzhJsovMiicb 3Q32k3FOvehV8U47P36Jhuwu1gJifRT1Edi6i2LjcsODncMi9qtuavYoq7JSN3KaSZc/ F045L7r2ds8Qqt5oLm4wXF4H8KTZ3Y5Idw0bqRSpqbimtTq0Mk50g2027+soVT1S15UR OK+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Qa8pRK71b96CW64UFatNA4rnXecCxAw54GFGNESxbqE=; b=QTsx7Mc/NuolX8haMxlSQFXvxDBS7kET/+wvFymIh/iTvQp0VKKOjB35vJdshQQerN FZHnlzX42vgaU01RL40AVQ0UHWEd9eGRBwPG6wOHLYhhopgjx5scnc+k8DtcZNOYCwr4 7BjEQpC/Eg78mqiqctUXQbLEik2NV8U3/DqdCM54EN2b7GiBwgzvtHld3eTGcWFC2hEs KEv8oi5tiVmTRziQhgZV3/bw5o6tmzBIi9KyN0bbBMy225smnU5LYWHWb5ux3fcsiRFp nAyd/SG0SQX4quZZH1t/aRkgVyZamsc/vGfVgWhG6v4nfrnR2Hma2r0wSS/DoF2DC3/2 F4tA==
X-Gm-Message-State: APjAAAXdNoP+40zeCR3B4lPXUt8CMFfw6F0SQPY+FUh2teWnMMwroC9D Y7Pq4jzHN8gGSRBWvPaWXH4e/t2K9OjK/8aKcBwqsG/uNClNMQ==
X-Google-Smtp-Source: APXvYqwNajbfDqwpiCtVPTvEjWbpYWAnY6w/9yFtO4qgYbHy99mWcN4zHtp6I11PQmxDHTR23HnrATE32qVTR5mgkc0=
X-Received: by 2002:a17:902:bcc8:: with SMTP id o8mr31447552pls.81.1575928425003; Mon, 09 Dec 2019 13:53:45 -0800 (PST)
MIME-Version: 1.0
References: <157591314890.2123.12378772921757205119.idtracker@ietfa.amsl.com>
In-Reply-To: <157591314890.2123.12378772921757205119.idtracker@ietfa.amsl.com>
From: Yakov Shafranovich <yakov@nightwatchcybersecurity.com>
Date: Mon, 9 Dec 2019 16:53:09 -0500
Message-ID: <CAAyEnSPZGEg_xpCCUeA6h6_DaBxOsWvhs_kO3pEa+kCLhjHaQQ@mail.gmail.com>
To: Security Area Advisory Group <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/dRFvskxQDIHHoycu8dyEKKIF1eQ>
Subject: [saag] Fwd: Last Call: <draft-foudil-securitytxt-08.txt> (A Method for Web Security Policies) to Informational RFC
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2019 21:53:48 -0000

---------- Forwarded message ---------
From: The IESG <iesg-secretary@ietf.org>;
Date: Mon, Dec 9, 2019 at 12:39 PM
Subject: Last Call: <draft-foudil-securitytxt-08.txt> (A Method for
Web Security Policies) to Informational RFC
To: IETF-Announce <ietf-announce@ietf.org>;
Cc: <Kathleen.Moriarty.ietf@gmail.com>;,
<draft-foudil-securitytxt@ietf.org>;, <kaduk@mit.edu>;



The IESG has received a request from an individual submitter to consider the
following document: - 'A Method for Web Security Policies'
  <draft-foudil-securitytxt-08.txt> as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2020-01-06. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   When security vulnerabilities are discovered by independent security
   researchers, they often lack the channels to report them properly.
   As a result, security vulnerabilities may be left unreported.  This
   document defines a format ("security.txt") to help organizations
   describe the process for security researchers to follow in order to
   report security vulnerabilities.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-foudil-securitytxt/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-foudil-securitytxt/ballot/


No IPR declarations have been submitted directly on this I-D.