Re: [websec] [Technical Errata Reported] RFC6797 (4075)

Tobias Gondrom <tobias.gondrom@gondrom.org> Sun, 10 August 2014 19:04 UTC

To: barryleiba@computer.org, ynir.ietf@gmail.com
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/8vlmJonHY4ebVoL8R3X4jVATQBE
Cc: e_lawrence@hotmail.com, Jeff.Hodges@paypal.com, presnick@qti.qualcomm.com, websec@ietf.org, collin.jackson@sv.cmu.edu

On 10/08/14 16:02, Barry Leiba wrote:
>>> I agree, this is an "update" and not an "errata".
>>>
>>> However, am not sure how to best retain this information:
>>> Because this is a good point for a best practice.
>>> And be it only in advising the best practice when using HSTS, like
>>> simply including one link to the parent https://example.com to avoid
>>> having unprotected parent-domains.
>> Well, if we could talk Eric into writing a draft...
> ...
>> So we get an Informational draft called "best practices in using HSTS". 2
>> pages long unless we rathole and add lots of stuff.
> That absolutely seems the best approach, and have it "update" 6797.  I
> would love it if Eric would be a co-author, and I think we can keep
> the working group going long enough to do this.
>
> To Tobias's more general question of where we keep track of these
> sorts of things when we don't have a working group to pick it up and
> go with it:  Yes, that's something we've been discussing.  If we have
> a former working group to work from, there's a wiki on tools.ietf.org
> (websec's is at <http://trac.tools.ietf.org/wg/websec/trac/wiki>, and
> it's entirely unused, but some working groups do use theirs).  I've
> been suggesting that we make a habit of keeping updates, change
> requests, follow-on notes, and other non-errata things there, on the
> appropriate current or former WG wiki.  If there's no obvious WG, we
> can use the appsawg wiki at
> <http://trac.tools.ietf.org/wg/appsawg/trac/wiki> for App Area stuff.
> The only bad thing about that is that there's no pointer from the RFC
> to the appropriate wiki, and we've talked about establishing some sort
> of per-RFC wiki also, or maybe just a per-RFC pointer to a wiki.
>
> Barry

I agree.

The question is, does Eric (and maybe Jeff or anybody else) want to do a
small update informational RFC?

Best regards, Tobias


P.S.: And thanks for the clarification about the Wiki.