Re: [websec] DISCUSS positions on draft-ietf-websec-key-pinning

Barry Leiba <> Fri, 03 October 2014 18:07 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 5F79F1A888E for <>; Fri, 3 Oct 2014 11:07:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.621
X-Spam-Status: No, score=0.621 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CoiKdcc96cCo for <>; Fri, 3 Oct 2014 11:07:46 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c05::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C05F91A8887 for <>; Fri, 3 Oct 2014 11:07:45 -0700 (PDT)
Received: by with SMTP id h18so3305703igc.12 for <>; Fri, 03 Oct 2014 11:07:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=iOXrJp/i4Kw18QLXeFohH9ZRjGa3/nqQkYg4lbbQWaE=; b=HQ5SaVb/wNIpTkNCHUK7nUXgrf/EtKDlACfrAhHYuKAYOtKqyOEbB9imlH6PXhmY+2 OJQMUVX6XUMk6tnCqkVDMR5ujWmVoBWk5BygVn2cei5EgvvYREvG8JZf19Muy7IozcD0 Rp8fbcwA/Bgt5fOLIPCbxQ+Iu8QE2bnQiT9y5s3ws7K+o+gM4af9hsY80YUQqTAByvsK NNm0I0wRZvq5DbWMzfXDIgLoR/Eie/zsRRb5U5ofZqXxyi8S72C7krfIViPjCIuUmBU5 0qC2y73cv6YqcN0XfYfIkkimLQHYhqqpTKbWcCcIogY967Dw3Mtt4RMHEvcrC0KIThVD u8Ow==
MIME-Version: 1.0
X-Received: by with SMTP id kc1mr274224igb.34.1412359665119; Fri, 03 Oct 2014 11:07:45 -0700 (PDT)
Received: by with HTTP; Fri, 3 Oct 2014 11:07:45 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <>
Date: Fri, 03 Oct 2014 14:07:45 -0400
X-Google-Sender-Auth: wy462nKPMsUHY5iVtwUg0NbDSiI
Message-ID: <>
From: Barry Leiba <>
Content-Type: text/plain; charset="UTF-8"
Cc: IETF WebSec WG <>
Subject: Re: [websec] DISCUSS positions on draft-ietf-websec-key-pinning
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 03 Oct 2014 18:07:49 -0000

>>> How are we doing with this document?  Any progress on dealing with the
>>> DISCUSSes and other comments?

It's now eight weeks since the telechat, and there has been no
response of any kind to the comments from the ADs.  The comments, and
especially the DISCUSS positions, should have been discussed with the
relevant ADs.  Discussion and/or resolution has to happen in the next
two weeks -- so, by 17 Oct.  If it doesn't, I'm going to set the
status of the document to "Dead", and close the working group without

That would really be a shame, as it's almost done -- there's a few
days' worth of work left and then it goes to the RFC Editor as a
Proposed Standard.  This seems sort of like running a marathon and
being 200 metres short of the finish line... and then saying, well, 42
km is enough, let's just go to the pub now and leave it unfinished, no
need to do the last .2.

Please, let's not let this die.  Authors, you're almost there.  Eat
some spinach, make like Popeye, and finish it.  You have a deadline;
please meet it.

Barry, Applications AD