[websec] HSTS spec issues noted in tracker
=JeffH <Jeff.Hodges@KingsMountain.com> Fri, 08 July 2011 23:23 UTC
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2230E21F8C84 for <websec@ietfa.amsl.com>; Fri, 8 Jul 2011 16:23:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.307
X-Spam-Level:
X-Spam-Status: No, score=-102.307 tagged_above=-999 required=5 tests=[AWL=-0.042, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NkVHv+mEpvWO for <websec@ietfa.amsl.com>; Fri, 8 Jul 2011 16:23:23 -0700 (PDT)
Received: from oproxy6-pub.bluehost.com (oproxy6-pub.bluehost.com [67.222.54.6]) by ietfa.amsl.com (Postfix) with SMTP id 80E5F21F8C82 for <websec@ietf.org>; Fri, 8 Jul 2011 16:23:23 -0700 (PDT)
Received: (qmail 10058 invoked by uid 0); 8 Jul 2011 23:23:22 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by cpoproxy3.bluehost.com with SMTP; 8 Jul 2011 23:23:22 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=kingsmountain.com; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding:X-Identified-User; b=X5dDLHqIzDhGfEp+56GX+9+V4xZGOApSVZ16vbQHWRNYZ7xAz/xhU+XvJzIktmO/MsXG52mEjEK0ge8MyBUHXXOb8rG4dsdju08Nnf/9XeiLCsq1nYjwpbh9AbviRHdk;
Received: from outbound4.ebay.com ([216.113.168.128] helo=[10.244.136.43]) by box514.bluehost.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1QfKOH-00059h-Om for websec@ietf.org; Fri, 08 Jul 2011 17:23:21 -0600
Message-ID: <4E179169.1020403@KingsMountain.com>
Date: Fri, 08 Jul 2011 16:23:21 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10
MIME-Version: 1.0
To: IETF WebSec WG <websec@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Subject: [websec] HSTS spec issues noted in tracker
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2011 23:23:24 -0000
As y'all likely noticed, I worked through hasmat@ and websec@ mailing list archives since approx Jul-2010 and documented issues with the HSTS spec that've been raised, but aren't as yet addressed in draft-ietf-websec-strict-transport-sec-01. an overview report is available here.. http://trac.tools.ietf.org/wg/websec/trac/report/1?asc=1&sort=ticket (that URI in the future will gen a report for all tickets submitted against all WebSec WG specs, just fyi/fwiw) If there's any issues with the HSTS spec you feel are salient and that I didn't capture, please raise it on the list and/or submit a ticket. I don't know if I'll be able to get the spec updated before Monday's I-D cutoff, but I will get it updated before Quebec in any case. thanks, =JeffH