Re: [websec] [apps-discuss] AppsDir review of draft-ietf-websec-strict-transport-sec

Barry Leiba <barryleiba@computer.org> Sat, 02 June 2012 13:03 UTC

Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D16D321F8672; Sat, 2 Jun 2012 06:03:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.003
X-Spam-Level:
X-Spam-Status: No, score=-103.003 tagged_above=-999 required=5 tests=[AWL=-0.026, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id srIeHHNbQP9q; Sat, 2 Jun 2012 06:03:44 -0700 (PDT)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id B987121F8671; Sat, 2 Jun 2012 06:03:40 -0700 (PDT)
Received: by lagv3 with SMTP id v3so2289707lag.31 for <multiple recipients>; Sat, 02 Jun 2012 06:03:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=OeKTWuKZ6GEQd9u+PN8pg+gFYXXlsvZd0bZTYzmzcrg=; b=ohCXoFXVaBsbFb6GIJUMvnDKi5WdN/PNry/H+L6SuF/Sl//3vRjDva7973taWVDmdf QAtamPoJVlEzdZjTux3e6jHfrlTBwqCTGHXRQcF+wTAz2hulTIbHTkm1uqmLjiix/NYt gx1crcVjI7LxTXwkv9pYmsLRWR77a4yAtS1eFMnZYfmlk8OpVfXYzMM3Wl+Wchx07/H6 dSfrv7T337cs4ph/o2g9zk1NV7bmF3L1DhfMJRdedQK8CjIUlSt/qjA01wt2hxPS6HQU h88GNU/psGf2caOZ1CQyuSTNlBz7eeSIjDnDnszXR7/S0EEF6tPjzwOWPmTpnSbWYL9f 4KyQ==
MIME-Version: 1.0
Received: by 10.152.108.144 with SMTP id hk16mr6547257lab.2.1338642219659; Sat, 02 Jun 2012 06:03:39 -0700 (PDT)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.112.48.104 with HTTP; Sat, 2 Jun 2012 06:03:39 -0700 (PDT)
In-Reply-To: <4FC998CD.4040407@KingsMountain.com>
References: <4FC998CD.4040407@KingsMountain.com>
Date: Sat, 02 Jun 2012 09:03:39 -0400
X-Google-Sender-Auth: W9f2FDEkeoDex3LC11GsoasJmOs
Message-ID: <CAC4RtVDPt=NRdXe01S5isQe2+ksMnjeZ4Q=O=pPJcXxQAWZBAQ@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: =JeffH <Jeff.Hodges@kingsmountain.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: draft-ietf-websec-strict-transport-sec@tools.ietf.org, IETF WebSec WG <websec@ietf.org>, Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [websec] [apps-discuss] AppsDir review of draft-ietf-websec-strict-transport-sec
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Jun 2012 13:03:46 -0000

[Changed Murray's address to his new one.]

>> Section 3: Are the latter two paragraphs really necessary? I only find
>> such
>> statements useful when minimum conformance is not the same thing as full
>> conformance.
>
> It's apparently helpful for readers with a strong W3C-style spec background.
> I'll leave them in.

It might be a good idea, then, to put something like the following in
at the beginning of the section:

[[IESG Note: This section is for readers with a background in W3C
specification style, of which we expect many.  RFC Editor, please
remove this note before publication.]]

This will avoid the same question/complaint from ADs during IESG evaluation.

I also suggest that you move the 2119 paragraph to the end of the
section, to keep all three compliance-related paragraphs together.

Barry