Re: [websec] WG Last Call on draft-ietf-websec-strict-transport-sec-06 until April-9

Alexey Melnikov <alexey.melnikov@isode.com> Sat, 24 March 2012 12:20 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EDFF21F8729 for <websec@ietfa.amsl.com>; Sat, 24 Mar 2012 05:20:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wnH1WUNa6Pwn for <websec@ietfa.amsl.com>; Sat, 24 Mar 2012 05:20:18 -0700 (PDT)
Received: from rufus.isode.com (cl-125.lon-03.gb.sixxs.net [IPv6:2a00:14f0:e000:7c::2]) by ietfa.amsl.com (Postfix) with ESMTP id 1D22521F8722 for <websec@ietf.org>; Sat, 24 Mar 2012 05:20:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1332591617; d=isode.com; s=selector; i=@isode.com; bh=IzrOCcev964WTvVPHVxbQVkM3EO+dioQ85NhWx/DVXU=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=YR4We/oldWjbu4RKN8hLVNvIQwc1Lk0xkXz1/ih9eFmQAGoAH6jggVb+pbAu3e7SeakO0h ZZ0rY21bOq4Gf6GIDx0qOenkQKQT0L26sjlqI6jatO3e3HEDX4NRJjQs843Zb+Y7nWycoX FhQAq8xL3RNInlVbmUzWoa+xshJ++aQ=;
Received: from [130.129.18.66] (dhcp-1242.meeting.ietf.org [130.129.18.66]) by rufus.isode.com (submission channel) via TCP with ESMTPSA id <T228AAAiklMv@rufus.isode.com>; Sat, 24 Mar 2012 12:20:17 +0000
X-SMTP-Protocol-Errors: PIPELINING
Message-ID: <4F6DBC03.4@isode.com>
Date: Sat, 24 Mar 2012 13:20:19 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <4F66623F.9000300@gondrom.org> <B7C71F2C-D1ED-4C82-ADB9-23E65DC6150C@vpnc.org>
In-Reply-To: <B7C71F2C-D1ED-4C82-ADB9-23E65DC6150C@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] WG Last Call on draft-ietf-websec-strict-transport-sec-06 until April-9
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Mar 2012 12:20:19 -0000

On 21/03/2012 01:21, Paul Hoffman wrote:
> Greetings again. I have read the draft again, and am quite happy that this is moving forwards. Having said that, I have a list of issues that I think need to be dealt with, and a few editorial issues.
>
> --Paul Hoffman
Hi Paul,
Thanks for very good comments. I am agreeing with all of them except for 
the one thing:
> RFC 2818 is listed as a normative reference, and yet it is Informational.
I disagree with you, it is normative for the definition of HTTPS.
> This will need to be called out in the PROTO report.
This would be fine. RFC 2818 is in the DownRef registry, so it doesn't 
even need to be explicitly called out during IETF LC.
> Alternately, it can be called an informative reference, since one does not need to understand it in order to implement this document.