Re: [websec] [saag] Pinning

Tobias Gondrom <tobias.gondrom@gondrom.org> Sat, 18 August 2012 18:36 UTC

Message-ID: <502FE0A5.6090208@gondrom.org>
Date: Sat, 18 Aug 2012 19:36:21 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
To: ynir@checkpoint.com
References: <31946C2A-4ACD-46D7-8977-49B681204A7B@checkpoint.com> <8E52CEC5-4FEB-4464-AB11-21F1B9208C5C@checkpoint.com> <38489744-05A9-45F0-A752-7F0B9E96E641@vpnc.org> <4FCF894B.8080002@gondrom.org> <CAOuvq20iC817T-9U3zWG7S2Z=uU=G0i6usOT915ky+9FO8_Zwg@mail.gmail.com> <24C52325-8B51-4DA0-B21D-DC72E184BB23@checkpoint.com> <CA+cU71m=PZRgG34TTTjby=yCbB_z+i4MjEAtVJKE3uOxcKeA1g@mail.gmail.com> <B08F616B-23CE-48E1-BC9D-611FF640B44C@checkpoint.com>
In-Reply-To: <B08F616B-23CE-48E1-BC9D-611FF640B44C@checkpoint.com>
Cc: websec@ietf.org, cevans@google.com, moxie@thoughtcrime.org
Subject: Re: [websec] [saag] Pinning

Hi all,

<hat="individual">
I agree with clarification #52 proposed by Tom.
http://trac.tools.ietf.org/wg/websec/trac/ticket/52

And I agree with clarification #51
http://trac.tools.ietf.org/wg/websec/trac/ticket/51

For clarification #50:
http://trac.tools.ietf.org/wg/websec/trac/ticket/50
I am not sure the text is clear enough on what we mean by "a public key pin cannot be formed."

Best regards, Tobias



On 11/08/12 22:30, Yoav Nir wrote:
> Hi Tom
>
> On Aug 11, 2012, at 11:57 PM, Tom Ritter wrote:
>
>> I don't know IETF procedure for making changes, but one of the
>> outstanding issues I don't think has been resolved with
>> draft-ietf-websec-key-pinning-02 is inherited DSA parameters.  I
>> raised this issue here:
>> http://www.ietf.org/mail-archive/web/websec/current/msg01027.html with
>> suggested verbiage.
> That message of yours flew under the radar. I don't know why.
>
> The IETF procedure for making changes is to raise the suggestion on the mailing list, and discuss it there until consensus is reached.
>
> To help with that, we may use an issue tracker (similar to a bug tracker like bugzilla). I've opened three tickets for the issues in your email:
> http://trac.tools.ietf.org/wg/websec/trac/ticket/50
> http://trac.tools.ietf.org/wg/websec/trac/ticket/51
> http://trac.tools.ietf.org/wg/websec/trac/ticket/52
>
> We can start a thread on each of them.
>
> The easy way is for the editors to start the thread with "looking at issue #50, we agree and it seems OK to us. Anyone object?", and then if nobody objects, the text is updated, a new draft is published, and if you think it's OK, we close the ticket.  If there are objections (by the editors or others), they get discussed.
>
> Yoav
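An added illustration of the inherited-DSA-parameters point Tom raised (the case ticket #50 describes as "a public key pin cannot be formed"); this is editorial example code, not text from the draft or from anyone on this thread. It assumes the draft's pin construction of base64(SHA-256(DER SubjectPublicKeyInfo)) and uses a toy DER encoder plus constructed keys whose numbers are meaningless, since only the DER shape matters: when a DSA AlgorithmIdentifier carries no parameters (inherited from the issuer per RFC 3279), the SPKI does not contain p, q and g, so the function declines to form a pin.

```python
import base64
import hashlib

# Content octets of the DER OIDs for id-dsa (1.2.840.10040.4.1) and
# rsaEncryption (1.2.840.113549.1.1.1); the key-type check compares these.
OID_DSA = bytes.fromhex("2a8648ce380401")
OID_RSA = bytes.fromhex("2a864886f70d010101")

def der_tlv(tag, body):
    """Minimal DER tag-length-value encoder (lengths up to 65535)."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body

def read_tlv(buf, pos):
    """Decode the DER element at buf[pos]; return (tag, body, end position)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def der_integer(value):                           # non-negative DER INTEGER
    return der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def build_spki(oid, params, key_bits):
    """Assemble a SubjectPublicKeyInfo; pass params=b'' to omit them."""
    alg_id = der_tlv(0x30, der_tlv(0x06, oid) + params)
    return der_tlv(0x30, alg_id + der_tlv(0x03, b"\x00" + key_bits))

def spki_pin_sha256(spki_der):
    """Return the HPKP-style pin, base64(SHA-256(DER SubjectPublicKeyInfo)),
    or None for a DSA key whose parameters are omitted (inherited from the
    issuer): the SPKI then lacks p, q, g, so hashing it does not pin the key."""
    tag, spki, _ = read_tlv(spki_der, 0)
    assert tag == 0x30, "SubjectPublicKeyInfo must be a SEQUENCE"
    tag, alg_id, _ = read_tlv(spki, 0)
    assert tag == 0x30, "AlgorithmIdentifier must be a SEQUENCE"
    tag, oid, after_oid = read_tlv(alg_id, 0)
    assert tag == 0x06, "algorithm must be an OBJECT IDENTIFIER"
    params_present = after_oid < len(alg_id)      # any element after the OID
    if oid == OID_DSA and not params_present:
        return None
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

# Constructed toy keys: the numbers are meaningless, only the DER shape matters.
DSA_PARAMS = der_tlv(0x30, der_integer(23) + der_integer(11) + der_integer(4))  # p, q, g
DSA_FULL = build_spki(OID_DSA, DSA_PARAMS, der_integer(8))  # y, parameters present
DSA_INHERITED = build_spki(OID_DSA, b"", der_integer(8))    # y, parameters omitted
RSA_TOY = build_spki(OID_RSA, der_tlv(0x05, b""), der_tlv(0x30, der_integer(3233) + der_integer(17)))
```

A pinning agent that hashes DSA_INHERITED anyway would pin only y, and the same y under different p, q, g would collide with it; a None result is the signal to treat the certificate as unpinnable.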