Re: [websec] Issue 52 - Key pinning draft should clarify max-age as required
Tom Ritter <tom@ritter.vg> Wed, 06 March 2013 02:56 UTC
Return-Path: <tom@ritter.vg>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id B587C21F8611 for <websec@ietfa.amsl.com>;
Tue, 5 Mar 2013 18:56:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.927
X-Spam-Level:
X-Spam-Status: No, score=-2.927 tagged_above=-999 required=5 tests=[AWL=0.050,
BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IcdCG5dNWHhY for
<websec@ietfa.amsl.com>; Tue, 5 Mar 2013 18:56:59 -0800 (PST)
Received: from mail-ve0-f180.google.com (mail-ve0-f180.google.com
[209.85.128.180]) by ietfa.amsl.com (Postfix) with ESMTP id 37E3F21F860A for
<websec@ietf.org>; Tue, 5 Mar 2013 18:56:59 -0800 (PST)
Received: by mail-ve0-f180.google.com with SMTP id jx10so6389080veb.11 for
<websec@ietf.org>; Tue, 05 Mar 2013 18:56:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg;
h=x-received:mime-version:in-reply-to:references:from:date:message-id
:subject:to:cc:content-type; bh=L6/L7miy3MZRmVPFZSg62pm4SA/yBPRc6na40t+S8DY=;
b=gzFKTzY4kbkks1RjTLxbAMjQ9Px6GnuhkQFmSeekJb94bV2QE+kigNln1yIIgutE2N
EXlTG6+HxT71Sxk6n/V2LXemrkYXFym4jm8YMzB+x+y8Y3R+0x+L0PDk1swT4psi3m9/
qULtgDdFA3x+5mzwCHo9ZGWg6UIPj/FmUmgUk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=20120113;
h=x-received:mime-version:in-reply-to:references:from:date:message-id
:subject:to:cc:content-type:x-gm-message-state;
bh=L6/L7miy3MZRmVPFZSg62pm4SA/yBPRc6na40t+S8DY=;
b=KX8EjM/COkR7VvP9KwzTtt4GiI46OUTHJyOEYw/hxcDHIBl13ax9Z4Q+/+UUn1i0pT
4DG5j1nc7XwdftNDO6cQsp50Mjw7lw0dbRAWMqxyZ6VpXWiq8TPK14TSjUZbb/Nc9z5u
SFP4yLOVk55QuBJR5n0azwy2UG1v+kM7Veo3xvJV13urABXUlxuwZzWTrfs4W+SzZHeQ
l5Xrua7vzTr9LjpctZJ1wzwNez0FO95JnsqGAGCCHSm213FbUnPGdnUFLXLGB3LvZ+kv
bjSWkzTtsw6DLNGzTbtkhGfngc7wqTfCjcdUAh0aFQAeZTe6dEFMJcp+ig4aFIdrbbaY +1Bw==
X-Received: by 10.58.245.200 with SMTP id xq8mr11012744vec.21.1362538618639;
Tue, 05 Mar 2013 18:56:58 -0800 (PST)
MIME-Version: 1.0
Received: by 10.58.182.169 with HTTP; Tue, 5 Mar 2013 18:56:38 -0800 (PST)
In-Reply-To: <d7f19a6748738de27ee5080bc81b1b75.squirrel@webmail.dreamhost.com>
References: <d7f19a6748738de27ee5080bc81b1b75.squirrel@webmail.dreamhost.com>
From: Tom Ritter <tom@ritter.vg>
Date: Tue, 5 Mar 2013 21:56:38 -0500
Message-ID: <CA+cU71k6AFFL85mYn_po2iQhKf2uZS=YgecH6xePEtRt_OQQCA@mail.gmail.com>
To: ryan-ietfhasmat@sleevi.com
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQk9pozPee/+jHOxpS04zGhtS+nV9G0VgmVYGgstgEJcfvuBDkREgEl732lPhOEfgtCnZ42A
Cc: websec@ietf.org
Subject: Re: [websec] Issue 52 - Key pinning draft should clarify max-age as
required
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport
<websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>,
<mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>,
<mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2013 02:56:59 -0000
No objection to closing it out. On 4 March 2013 19:56, Ryan Sleevi <ryan-ietfhasmat@sleevi.com> wrote: > This was one of the outstanding issues from draft-03, raised in > http://trac.tools.ietf.org/wg/websec/trac/ticket/52 > > The Chrises and I believe this has been addressed sufficiently in > draft-04, through the clarifications in > http://tools.ietf.org/html/draft-ietf-websec-key-pinning-04#section-2.1.1 and > http://tools.ietf.org/html/draft-ietf-websec-key-pinning-04#section-2.3.1 > > Are there any objections to closing this out? > > > > > _______________________________________________ > websec mailing list > websec@ietf.org > https://www.ietf.org/mailman/listinfo/websec