Re: [websec] handling STS header field extendability
Yoav Nir <ynir@checkpoint.com> Tue, 14 August 2012 07:12 UTC
From: Yoav Nir <ynir@checkpoint.com>
To: IETF WebSec WG <websec@ietf.org>
Date: Tue, 14 Aug 2012 10:12:16 +0300

Right. As a reminder, the proposed resolution is as follows:

* Do not establish a registry now
  Let the first new header field specification establish it
* A client that gets an unknown field ignores it
  This means no mandatory-to-understand extensions

At this stage, a +1 response is OK though not necessary (we got plenty of those in the room), but any disagreement should come with an explanation.

Thanks

Yoav

================================================================
From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On Behalf Of Barry Leiba
Sent: Tuesday, August 14, 2012 7:14 AM
To: IETF WebSec WG
Subject: Re: [websec] handling STS header field extendability

Please forgive my ignorance, but do LockCA and/or LockEV offer any functionality that you can't already get with public key pinning as currently specified?

Folks, this thread has rather been hijacked. We need to have some WG input on what registration policy to recommend for a possible future STS header field registry. That's what this thread is for, and I need to see some WG discussion about it in order that Jeff may finish the document and that I may move it forward.

Please take discussion of LockCA and LockEV to another thread.

Thanks,
Barry
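
The second point of the resolution, sketched as an added example (not part of the message above or of any WG document): a parser for a Strict-Transport-Security value that records unrecognised directives and otherwise ignores them, so an extension can never change how the known directives are processed. It assumes "unknown field" means an unrecognised directive inside the header value, and takes max-age and includeSubDomains from the published HSTS specification (RFC 6797); `parse_sts`, `KNOWN`, `SAMPLES` and the `x-example-ext` directive are names invented here.

```python
import re

TOK = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# One directive: optional name, optional =token or ="quoted-string", then ';' or end.
DIRECTIVE = re.compile(rf'\s*(?:({TOK})\s*(?:=\s*({TOK}|"(?:[^"\\]|\\.)*"))?)?\s*(;|$)')
# Directives this example client understands (names compare case-insensitively).
KNOWN = {"max-age", "includesubdomains"}

def parse_sts(value):
    """Parse one Strict-Transport-Security value into (policy, ignored).

    policy is None when the whole header is discarded: bad syntax, a repeated
    directive, or a missing or non-numeric max-age. ignored lists well-formed
    directives this client does not recognise; they never affect the policy.
    """
    seen, ignored, pos = {}, [], 0
    while pos < len(value):
        m = DIRECTIVE.match(value, pos)
        if m is None:
            return None, ignored          # malformed: drop the header
        name, arg, end = m.groups()
        pos = m.end()
        if name is not None:
            name = name.lower()
            if name in seen:
                return None, ignored      # each directive may appear once
            if arg is not None and arg.startswith('"'):
                arg = re.sub(r"\\(.)", r"\1", arg[1:-1])
            seen[name] = arg
            if name not in KNOWN:
                ignored.append(name)      # must-ignore: note it and move on
        if not end:
            break
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None, ignored
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in seen}, ignored

# Constructed sample values; "x-example-ext" is a made-up extension directive.
SAMPLES = [
    'max-age=31536000; includeSubDomains',
    'max-age=31536000; x-example-ext="a;b"; includeSubDomains',
    'max-age=600; max-age=0',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", parse_sts(s))
```

The first two samples yield the same policy, which is the practical meaning of "no mandatory-to-understand extensions": a server cannot make enforcement conditional on a directive an older client has never heard of.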