[websec] new rev: draft-ietf-websec-strict-transport-sec-13
=JeffH <Jeff.Hodges@KingsMountain.com> Mon, 01 October 2012 15:45 UTC
To: IETF WebSec WG <websec@ietf.org>
New rev:

   https://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-14

please see change log excerpt included below for details.

This rev addresses comments raised during IESG review.

   https://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ballot/

All issue tickets are closed.

full issue ticket list for strict-transport-sec:
<http://trac.tools.ietf.org/wg/websec/trac/query?status=assigned&status=closed&status=new&status=reopened&component=strict-transport-sec&order=id>

Redline spec diff from previous rev:
https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-websec-strict-transport-sec-14.txt

side-by-side diff from previous rev:
https://tools.ietf.org/rfcdiff?url2=draft-ietf-websec-strict-transport-sec-14.txt

Change Log for this rev is below.

=JeffH

==============================================================

Appendix D.  Change Log

   [RFCEditor: please remove this section upon publication as an RFC.]

   Changes are grouped by spec revision listed in reverse issuance
   order.

D.1.  For draft-ietf-websec-strict-transport-sec

   Changes from -13 to -14:

   1.  Added a new subsection entitled "Considerations for Offering
       Unsecured HTTP Services at Alternate Ports or Subdomains of an
       HSTS Host" to section 11.4 "Implications of includeSubDomains".
       This addresses Robert Sparks' Discuss point (1):
       <https://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ballot/#robert-sparks>

       Also s/flag/directive/ for all uses of e.g. "includeSubDomains
       flag", and noted that the presence of an includeSubDomains
       directive in an STS header field means it is "asserted".

   2.  Added a definition of an expired known HSTS Host, as well as a
       stipulation that the UA must evict expired known HSTS hosts
       from the cache (to section 8.1.1 "Noting an HSTS Host - Storage
       Model").  Added an "unexpired" adjective appropriately to
       section 8.2 "Known HSTS Host Domain Name Matching".  This
       addresses Robert Sparks' Discuss point (2):
       <https://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ballot/#robert-sparks>

   3.  Added a note 14.4 reason for clients to consider providing a
       way for users to remove entries from the cache.  This addresses
       Robert Sparks' first Comment:
       <https://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ballot/#robert-sparks>

   4.  Noted in 2nd para of section 7.1 that HTTP is running over
       secure transport.  This addresses Robert Sparks' second comment
       ("nit"):
       <https://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ballot/#robert-sparks>

   5.  Struck the "or perhaps others" phrase from Section 7.  Added
       Section 14 "Underlying Secure Transport Considerations" to Sec
       Cons.  This addresses a portion of Eric Rescorla's feedback.

   6.  Added a NOTE to Section 8.3 URI Loading and Port Mapping
       regarding non-HTTPS servers running at non-standard ports
       identified in URIs.  Added item (6) to Appendix A explaining
       the port mapping design decision.  This addresses the other
       portion of EKR's feedback.

   Changes from -12 to -13:

   <snip/>

---
end
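
Added example, not part of the original message or of the draft: a Python model of the behaviour change-log item 2 refers to, in which expired known HSTS hosts are evicted and only unexpired entries take part in domain name matching, with superdomain matches honoured only when the includeSubDomains directive was asserted. The class HSTSCache, its method names, the injected clock and the sample host names are all hypothetical and constructed for illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class Entry:
    expires_at: float         # absolute expiry time, seconds
    include_subdomains: bool  # True if includeSubDomains was asserted


class HSTSCache:
    """Hypothetical known-HSTS-host store; not any browser's real code."""

    def __init__(self, clock=time.time):
        self._hosts = {}
        self._clock = clock   # injectable so expiry can be tested offline

    def note_host(self, host, max_age, include_subdomains=False):
        host = host.lower().rstrip(".")
        self._hosts[host] = Entry(self._clock() + max_age, include_subdomains)

    def evict_expired(self):
        """Drop every entry whose lifetime has elapsed; return their names."""
        now = self._clock()
        expired = sorted(h for h, e in self._hosts.items() if e.expires_at <= now)
        for h in expired:
            del self._hosts[h]
        return expired

    def is_known_hsts_host(self, host):
        """Match only against unexpired entries."""
        self.evict_expired()
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            # i == 0 is an exact match; a superdomain match (i > 0)
            # counts only if that entry asserted includeSubDomains.
            if entry and (i == 0 or entry.include_subdomains):
                return True
        return False

    def known_hosts(self):
        return sorted(self._hosts)


def demo():
    now = [1000.0]                                   # constructed fake clock
    cache = HSTSCache(clock=lambda: now[0])
    cache.note_host("example.com", 60, include_subdomains=True)
    cache.note_host("static.example.net", 3600)      # no includeSubDomains
    before = (cache.is_known_hsts_host("www.example.com"),
              cache.is_known_hsts_host("a.static.example.net"))
    now[0] += 61                                     # example.com has expired
    after = cache.is_known_hsts_host("www.example.com")
    return before, after, cache.known_hosts()
```
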