IETF Logo Mail Archive

[websec] New draft of HTTP header-based public key pinning

Chris Palmer <palmer@google.com> Tue, 08 November 2011 23:57 UTC

Return-Path: <palmer@google.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE2A611E80A2 for <websec@ietfa.amsl.com>; Tue, 8 Nov 2011 15:57:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.477
X-Spam-Level:
X-Spam-Status: No, score=-104.477 tagged_above=-999 required=5 tests=[AWL=-1.500, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tyfuik86OF04 for <websec@ietfa.amsl.com>; Tue, 8 Nov 2011 15:57:11 -0800 (PST)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by ietfa.amsl.com (Postfix) with ESMTP id AB3B311E8081 for <websec@ietf.org>; Tue, 8 Nov 2011 15:57:10 -0800 (PST)
Received: by wyg30 with SMTP id 30so1276435wyg.31 for <websec@ietf.org>; Tue, 08 Nov 2011 15:57:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=mime-version:date:message-id:subject:from:to:cc:content-type :x-system-of-record; bh=dI8n+t9iGZO1fs1jF6iqED0jRAPbcTX08Joz6bfyYhk=; b=BBgnJ26PhMEA7wm/ZVxECp89HoEuJs41cVcr+kMvIrjZdjceP78SsZF8//dzRT2ERf nzxkYb8sj/SAvxHChR5w==
Received: by 10.216.135.79 with SMTP id t57mr15750wei.4.1320796627873; Tue, 08 Nov 2011 15:57:07 -0800 (PST)
MIME-Version: 1.0
Received: by 10.216.135.79 with SMTP id t57mr15742wei.4.1320796627613; Tue, 08 Nov 2011 15:57:07 -0800 (PST)
Received: by 10.216.216.205 with HTTP; Tue, 8 Nov 2011 15:57:07 -0800 (PST)
Date: Tue, 08 Nov 2011 15:57:07 -0800
Message-ID: <CAOuvq21Ne0CWT3Dzn0sutGDBg0K+efZhxmqBZiLuxbO2OwxnFg@mail.gmail.com>
From: Chris Palmer <palmer@google.com>
To: IETF WebSec WG <websec@ietf.org>, Chris Evans <cevans@google.com>
Content-Type: multipart/mixed; boundary="0016e6de14edcf384104b141ed16"
X-System-Of-Record: true
Cc: Ian Fette <ifette@google.com>, Wan-Teh Chang <wtc@google.com>
Subject: [websec] New draft of HTTP header-based public key pinning
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Nov 2011 23:57:12 -0000

Hi all,

I tried to get this in by the deadline last week, but I had formatting
errors at the last minute (the draft name had changed to reflect its
non-HSTS nature, so the submission form rejected my version of -01!
Sigh), and then it cuts you off at 5:00 PST. Ah well. I've attached
the .txt form of the latest draft, and Ian Fette and Wan-Teh Chang
will be with you in Taipei. Only Ian has officially signed on to
represent this proposal at the meeting, though.

I changed a lot in this document, thanks to all your excellent
suggestions. Especially Jeff Hodges! This is a significantly different
and simpler document than the previous versions, although I'm sure
it's still not perfect — blame me for those parts.

v2.23.0 | Report a Bug | By Email