[websec] new rev: draft-ietf-websec-strict-transport-sec-07

=JeffH <Jeff.Hodges@KingsMountain.com> Wed, 02 May 2012 20:38 UTC

Message-ID: <4FA19B4F.9060606@KingsMountain.com>
Date: Wed, 02 May 2012 13:38:39 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
To: IETF WebSec WG <websec@ietf.org>
Subject: [websec] new rev: draft-ietf-websec-strict-transport-sec-07

New rev:

full issue ticket list for strict-transport-sec:

Redline spec diff from previous rev:

side-by-side diff from previous rev:

Change Log is below.



Appendix D. Change Log

    [RFCEditor: please remove this section upon publication as an RFC.]

    Changes are grouped by spec revision listed in reverse issuance

D.1. For draft-ietf-websec-strict-transport-sec

       Changes from -06 to -07:

       1.  Various minor/modest editorial tweaks throughout as I went
           through it pursuing the below issue tickets.  Viewing a visual
           diff against -06 revision recommended.

       2.  fixed some minor editorial issues noted in review by Alexey,
           fixes noted in here: <https://www.ietf.org/mail-archive/web/

       3.  Addressed ABNF exposition issues, specifically inclusion of
           quoted-string syntax for directive values.  Fix STS header
           ABNF such that a leading ";" isn't required.  Add example of
           quoted-string-encoded max-age-value.  This addresses (re-
           opened) issue ticket #33.

       4.  Reworked sections 8.1 through 8.3 to ensure matching algorithm
           and resultant HSTS Policy application is more clear, and that
           it is explicitly stipulated to not muck with attributes of
           superdomain matching Known HSTS Hosts.  This addresses issue
           ticket #37.

       5.  Added reference to [I-D.ietf-dane-protocol], pared back
           extraneous discussion in section 2.2, and updated discussion
           in 10.2 to accommodate TLSA (nee DANE).  This addresses issue
           ticket #39.

       6.  Addressed various editorial items from issue ticket #40.

       7.  Loosened up the language regarding redirecting "http" requests
           to "https" in section 7.2 such that future flavors of
           permanent redirects are accommodated.  This addresses issue
           ticket #43.

       8.  Reworked the terminology and language in Section 9, in
           particular defining the term "putative domain name string" to
           replace "valid Unicode-encoded string-serialized domain name".
           This addresses issue ticket #44.

       Changes from -05 to -06:
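The two behavioural points in items 3 and 4 of the -06 to -07 change log (a directive value may be a quoted-string and a leading ";" is tolerated; superdomain matching applies a Known HSTS Host's policy without touching that superdomain's own cached entry) are easy to get wrong in a client. The following is an added example, written for this page and not code from the draft, the working group or any browser: a small STS field-value parser plus a Known HSTS Host store with the congruent/superdomain matching and the http-to-https URI rewrite. `HstsStore`, `parse_sts`, `parse_policy` and the whitespace tolerance around "=" and ";" are this example's own choices; the caller is assumed to have already checked that the response arrived over error-free TLS.

```python
"""Added example (not from the original email or the draft): HSTS header parsing
and Known HSTS Host matching as described in the -07 change log items 3 and 4."""
import re
import time
from urllib.parse import urlsplit, urlunsplit

# token and quoted-string as in the HTTP core ABNF; a directive-value may be either.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
# One directive (possibly empty, which is what makes a leading ";" legal) up to the
# next ";" or the end of the field value.  Whitespace tolerance is this example's choice.
DIRECTIVE_RE = re.compile(
    rf"\s*(?:(?P<name>{TOKEN})\s*(?:=\s*(?P<value>{TOKEN}|{QUOTED}))?\s*)?(?:;|\Z)")


def _unquote(value):
    """Strip the quotes and backslash escapes from a quoted-string; tokens pass through."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value


def parse_sts(field_value):
    """Split an STS field value into {directive-name (lowercased): value or None}.
    Returns None when the value does not match the grammar or a directive repeats."""
    directives = {}
    pos = 0
    while True:
        m = DIRECTIVE_RE.match(field_value, pos)
        if m is None:
            return None
        name = m.group("name")
        if name is not None:
            name = name.lower()
            if name in directives:            # a directive must not appear twice
                return None
            value = m.group("value")
            directives[name] = _unquote(value) if value is not None else None
        pos = m.end()
        if pos >= len(field_value):
            return directives


def parse_policy(field_value):
    """Return (max_age_seconds, include_subdomains) or None if the header must be ignored.
    max-age is required and must be delta-seconds, quoted or not."""
    directives = parse_sts(field_value)
    if directives is None:
        return None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None
    return int(max_age), "includesubdomains" in directives


class HstsStore:
    """Known HSTS Hosts keyed by exact host name (lowercased, no trailing dot)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.hosts = {}   # host -> {"expires": float, "include_subdomains": bool}

    def note_header(self, host, field_value):
        """Record the policy carried by a response from `host`.  Only the entry for
        `host` itself is created, updated or removed (max-age=0 removes it); an entry
        for a superdomain that also matches is deliberately left untouched."""
        policy = parse_policy(field_value)
        if policy is None:
            return False
        max_age, include_subdomains = policy
        host = host.lower().rstrip(".")
        if max_age == 0:
            self.hosts.pop(host, None)
        else:
            self.hosts[host] = {"expires": self.clock() + max_age,
                                "include_subdomains": include_subdomains}
        return True

    def matching_host(self, host):
        """Congruent match first; otherwise the nearest superdomain whose entry carries
        includeSubDomains.  Returns the matched Known HSTS Host name, or None."""
        now = self.clock()
        host = host.lower().rstrip(".")
        entry = self.hosts.get(host)
        if entry and entry["expires"] > now:
            return host
        labels = host.split(".")
        for i in range(1, len(labels)):
            superdomain = ".".join(labels[i:])
            entry = self.hosts.get(superdomain)
            if entry and entry["include_subdomains"] and entry["expires"] > now:
                return superdomain
        return None

    def rewrite(self, url):
        """Apply the policy to an http URL: https scheme, port 80 becomes 443 (implicit),
        any other explicit port is kept.  Unchanged when no Known HSTS Host matches."""
        parts = urlsplit(url)
        if parts.scheme != "http" or parts.hostname is None \
                or self.matching_host(parts.hostname) is None:
            return url
        netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample headers, not captured traffic.
    store = HstsStore()
    store.note_header("example.com", 'max-age="31536000"; includeSubDomains')
    store.note_header("app.example.com", "; max-age=60")
    print(store.rewrite("http://www.example.com:80/login"))
```

Note that removing `app.example.com` with `max-age=0` leaves `example.com`'s includeSubDomains entry in place, so `app.example.com` is still upgraded through the superdomain match; that is exactly the "do not muck with superdomain entries" point of item 4.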