Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
Julian Reschke <julian.reschke@gmx.de> Fri, 06 April 2012 07:25 UTC
Return-Path: <julian.reschke@gmx.de>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C70021F8576 for <websec@ietfa.amsl.com>; Fri, 6 Apr 2012 00:25:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2VrrsF-dTQBU for <websec@ietfa.amsl.com>; Fri, 6 Apr 2012 00:25:55 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 81DF421F8559 for <websec@ietf.org>; Fri, 6 Apr 2012 00:25:54 -0700 (PDT)
Received: (qmail invoked by alias); 06 Apr 2012 07:25:52 -0000
Received: from p57A6D85B.dip.t-dialin.net (EHLO [192.168.178.36]) [87.166.216.91] by mail.gmx.net (mp020) with SMTP; 06 Apr 2012 09:25:52 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1996aIvX2R9RS5/AhZDWBQWRy3eVImnLzLCH3UhqX qTTsoRxQPHdn10
Message-ID: <4F7E9A81.6030805@gmx.de>
Date: Fri, 06 Apr 2012 09:25:53 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: =JeffH <Jeff.Hodges@KingsMountain.com>
References: <4F7E1F51.9040002@KingsMountain.com>
In-Reply-To: <4F7E1F51.9040002@KingsMountain.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2012 07:25:55 -0000
On 2012-04-06 00:40, =JeffH wrote:
> Thanks for the feedback, proposed edits, and hacked xml2rfc source.
>
> > So this
> >
> > - states that the given ABNF applies to the value after q-s processing
> > (when needed)
> > - changes the ABNF to specify only the *value*
>
> Ok. so you suggested..
>
> 6.1.1. The max-age Directive
>
> The REQUIRED max-age directive specifies the number of seconds, after
> the reception of the STS header field, during which the UA regards
> the host, from whom the message was received, as a Known HSTS Host
> (see also Section 8.1.1 "Noting a HSTS Host", below).
>
> The syntax of the max-age directive's value (after potential
> applying quoted-string unescaping) is:
>
> max-age-v = delta-seconds
> delta-seconds = <1*DIGIT, defined in [RFC2616], Section 3.3.2>
>
> Note: A max-age value of zero signals the UA to cease regarding the
> host as a Known HSTS Host.
>
>
>
> ..and I presently am polishing that to be..
>
>
> 6.1.1. The max-age Directive
>
> The REQUIRED "max-age" directive specifies the number of seconds,
> after the reception of the STS header field, during which the UA
> regards the host, from whom the message was received, as a Known HSTS
> Host (see also Section 8.1.1 "Noting a HSTS Host", below).
>
> The max-age directive value has the following syntax
> (after quoted-string unescaping, if necessary):
>
> max-age-value = delta-seconds
> delta-seconds = <1*DIGIT, defined in [RFC2616], Section 3.3.2>
>
> Note: A max-age value of zero signals the UA to cease regarding the
> host as a Known HSTS Host.
Looks good to me.
> I'm a little concerned that without an explicit syntax declaration such
> as..
>
> max-age = "max-age" "=" max-age-value
>
> ..we'll confuse some readers ("what do i actually put in the STS header
> for this directive??"), but hopefully the examples in section 6.2, as
> well as putting the directive name in quotes in the first paragraph,
> will address this.
Noted. And yes, if we optimize for people not reading the spec
"properly", the best way to address this is to add examples.
Best regards, Julian
- [websec] STS ABNF, was: new rev: draft-ietf-webse… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke
- [websec] STS ABNF, was: new rev: draft-ietf-webse… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… =JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-w… Julian Reschke