Re: [websec] Regarding RFC 6797

Yoav Nir <ynir.ietf@gmail.com> Mon, 07 May 2018 19:55 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <960CE667-98A4-48A9-9E7E-B32E3405A961@gmail.com>
Date: Mon, 07 May 2018 22:54:59 +0300
In-Reply-To: <CWXP265MB03125F1F074DBA2FDA1E1D2BB1860@CWXP265MB0312.GBRP265.PROD.OUTLOOK.COM>
Cc: "websec@ietf.org" <websec@ietf.org>
To: Robert Linder <Robert.Vuj.Linder@outlook.com>
References: <CWXP265MB03125F1F074DBA2FDA1E1D2BB1860@CWXP265MB0312.GBRP265.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/websec/I1WIDCJ6epBHGhchTLPid9Iqj20>


> On 4 May 2018, at 23:11, Robert Linder <Robert.Vuj.Linder@outlook.com> wrote:
> 
> Hi,
> 
> I would like to propose the addition of the "immutable" directive (similar to that of RFC 8246) for the HSTS header field (RFC 6797).

Immutable meaning that the HSTS header is permanent and can never be removed?  So if a user agent has seen an immutable HSTS header once, that site has to be (valid) HTTPS-only forever?

Interesting idea.

Anyway, the WebSec working group has been closed for several years now.  If you would like to extend HSTS, you should submit an individual draft (something with a name like draft-linder-hsts-immutable-00).

You can then discuss the draft either here or in the secdispatch mailing list (more technical discussion goes here; procedural discussion goes there).

You can also ask to present your draft at the meeting of the SecDispatch working group at the next IETF meeting (this July in Montreal, or the one after that: November in Bangkok). The purpose of the SecDispatch working group is to recommend what to do with new drafts - either spin up a new working group, or find an existing working group to work on this, or ask an Area Director to sponsor the draft as an individual submission.

Hope this helps

Yoav
(former co-chair of WebSec)
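An added example, not part of this thread or of any RFC: a minimal user-agent HSTS policy store following RFC 6797 (case-insensitive directives, duplicate or missing max-age makes the header invalid, max-age=0 removes the Known HSTS Host, includeSubDomains matching), extended with a hypothetical "immutable" directive modelled on Yoav's reading above, under which the entry neither expires nor can be removed by a later max-age=0. The directive name and its semantics are assumptions for illustration only.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class HstsEntry:
    expires_at: float          # absolute time in seconds; RFC 6797 max-age is relative
    include_subdomains: bool
    immutable: bool            # hypothetical directive, NOT part of RFC 6797

def parse_sts(header: str) -> Optional[dict]:
    """Parse a Strict-Transport-Security field value per RFC 6797 section 6.1.
    Returns None when the header is invalid (missing, non-numeric or duplicated max-age)."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()                 # directive names are case-insensitive
        value = value.strip().strip('"')            # value may be a quoted-string
        if name in directives:                      # duplicate directive -> whole header invalid
            return None
        directives[name] = value
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None
    return directives                               # unknown directives are kept but ignored

class HstsStore:
    def __init__(self) -> None:
        self.hosts: Dict[str, HstsEntry] = {}

    def process(self, host: str, header: str, now: float) -> None:
        d = parse_sts(header)
        if d is None:
            return                                  # invalid header: existing state is untouched
        existing = self.hosts.get(host)
        if int(d["max-age"]) == 0:
            if existing is not None and existing.immutable:
                return                              # hypothetical: an immutable entry cannot be removed
            self.hosts.pop(host, None)              # RFC 6797: max-age=0 forgets the host
            return
        immutable = "immutable" in d or (existing is not None and existing.immutable)
        self.hosts[host] = HstsEntry(now + int(d["max-age"]), "includesubdomains" in d, immutable)

    def is_hsts_host(self, host: str, now: float) -> bool:
        labels = host.lower().split(".")
        for i in range(len(labels)):                # exact match first, then each superdomain
            e = self.hosts.get(".".join(labels[i:]))
            if e is None or not (e.immutable or e.expires_at > now):
                continue
            if i == 0 or e.include_subdomains:
                return True
        return False
```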