Re: [websec] DISCUSS positions on draft-ietf-websec-key-pinning

Tobias Gondrom <> Sun, 17 August 2014 20:04 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 87CC61A0171; Sun, 17 Aug 2014 13:04:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.668
X-Spam-Status: No, score=-102.668 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id GCE7LvEatUVz; Sun, 17 Aug 2014 13:04:33 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 43BE81A016B; Sun, 17 Aug 2014 13:04:32 -0700 (PDT)
X-No-Relay: not in my network
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default;; b=f2UKBeRJO84B17sCKqZi65+XuSGs/kpecWPwtEzhop/0qUPg5x2yFCYpzZT16M0wbC56IQQF4G1eFZ+RoIo7VZZDNex8wNGrQKxVPlMFivwTF4KlBma3TuOeYNxUk6EyTbQcEynPd5B0dqxnW3vzUeagMbBeY+QEC59VQwmmHts=; h=X-No-Relay:X-No-Relay:X-No-Relay:X-No-Relay:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type;
X-No-Relay: not in my network
X-No-Relay: not in my network
X-No-Relay: not in my network
X-No-Relay: not in my network
Received: from [] ( []) by (Postfix) with ESMTPSA id E75561539000F; Sun, 17 Aug 2014 22:04:30 +0200 (CEST)
Message-ID: <>
Date: Sun, 17 Aug 2014 21:04:30 +0100
From: Tobias Gondrom <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
References: <> <> <>
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------010807060507070706060605"
Subject: Re: [websec] DISCUSS positions on draft-ietf-websec-key-pinning
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 17 Aug 2014 20:04:35 -0000

On 14/08/14 18:21, Barry Leiba wrote:
>> It sounds like you're looking for an acknowledgement of the messages. Just
>> to confirm, we have received this feedback, and are taking time to ensure
>> the replies are as considered and thoughtful as the DISCUSS points,
>> especially as many of these points were discussed early on and thought
>> addressed by the draft already.
> Great; thanks, Ryan.
> Yes, it's always good to at least send a "we're working on it" message
> in response, especially to DISCUSS positions (as those are
> specifically asking for discussion).
> So we'll take this as "we're working on it, and we'll get back to
> y'all when we have a good response," and thanks for confirming that.
> Barry

Hi Ryan,

in addition to the recommendation from Barry: please feel free to reply 
to the discusses as soon as possible. We are now in IESG review and an 
extensive discussion within the WG is not required to deal with 
discusses if the issues have been raised and resolved in the WG before.

So e.g. if you think that a discuss has already been addressed during a 
previous WG discussion, please feel free to write so to the reviewing AD 
(with cc to the WG). And repeat a quick brief of the reasoning for the 
benefit of the reviewer who has not been part of the WG discussion before.

Furthermore I would recommend to not wait for any HSTS update 
discussions. It is not clear whether they will happen or not at this 
stage. So to wait for them may not be fruitful.

In general it would be good to answer questions in the current IESG 
review process phase timely and one by one as that will help the ADs to 
close the process on the draft in a timely manner. If we wait too long, 
some may need to read the draft again just to refresh their memory when 
casting their vote to publish.

Just a thought, Tobias (no hat)