Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
Julian Reschke <julian.reschke@gmx.de> Fri, 06 April 2012 07:25 UTC
Return-Path: <julian.reschke@gmx.de>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C70021F8576 for <websec@ietfa.amsl.com>; Fri, 6 Apr 2012 00:25:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2VrrsF-dTQBU for <websec@ietfa.amsl.com>; Fri, 6 Apr 2012 00:25:55 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 81DF421F8559 for <websec@ietf.org>; Fri, 6 Apr 2012 00:25:54 -0700 (PDT)
Received: (qmail invoked by alias); 06 Apr 2012 07:25:52 -0000
Received: from p57A6D85B.dip.t-dialin.net (EHLO [192.168.178.36]) [87.166.216.91] by mail.gmx.net (mp020) with SMTP; 06 Apr 2012 09:25:52 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1996aIvX2R9RS5/AhZDWBQWRy3eVImnLzLCH3UhqX qTTsoRxQPHdn10
Message-ID: <4F7E9A81.6030805@gmx.de>
Date: Fri, 06 Apr 2012 09:25:53 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: =JeffH <Jeff.Hodges@KingsMountain.com>
References: <4F7E1F51.9040002@KingsMountain.com>
In-Reply-To: <4F7E1F51.9040002@KingsMountain.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2012 07:25:55 -0000
On 2012-04-06 00:40, =JeffH wrote: > Thanks for the feedback, proposed edits, and hacked xml2rfc source. > > > So this > > > > - states that the given ABNF applies to the value after q-s processing > > (when needed) > > - changes the ABNF to specify only the *value* > > Ok. so you suggested.. > > 6.1.1. The max-age Directive > > The REQUIRED max-age directive specifies the number of seconds, after > the reception of the STS header field, during which the UA regards > the host, from whom the message was received, as a Known HSTS Host > (see also Section 8.1.1 "Noting a HSTS Host", below). > > The syntax of the max-age directive's value (after potential > applying quoted-string unescaping) is: > > max-age-v = delta-seconds > delta-seconds = <1*DIGIT, defined in [RFC2616], Section 3.3.2> > > Note: A max-age value of zero signals the UA to cease regarding the > host as a Known HSTS Host. > > > > ..and I presently am polishing that to be.. > > > 6.1.1. The max-age Directive > > The REQUIRED "max-age" directive specifies the number of seconds, > after the reception of the STS header field, during which the UA > regards the host, from whom the message was received, as a Known HSTS > Host (see also Section 8.1.1 "Noting a HSTS Host", below). > > The max-age directive value has the following syntax > (after quoted-string unescaping, if necessary): > > max-age-value = delta-seconds > delta-seconds = <1*DIGIT, defined in [RFC2616], Section 3.3.2> > > Note: A max-age value of zero signals the UA to cease regarding the > host as a Known HSTS Host. Looks good to me. > I'm a little concerned that without an explicit syntax declaration such > as.. > > max-age = "max-age" "=" max-age-value > > ..we'll confuse some readers ("what do i actually put in the STS header > for this directive??"), but hopefully the examples in section 6.2, as > well as putting the directive name in quotes in the first paragraph, > will address this. Noted. And yes, if we optimize for people not reading the spec "properly", the best way to address this is to add examples. Best regards, Julian
- [websec] STS ABNF, was: new rev: draft-ietf-webse… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke
- [websec] STS ABNF, was: new rev: draft-ietf-webse… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke