[websec] #28: HSTS spec unclear about the denotation of "HSTS policy"
"websec issue tracker" <trac+websec@trac.tools.ietf.org> Tue, 15 November 2011 13:05 UTC
#28: HSTS spec unclear about the denotation of "HSTS policy"

 Strict-Transport-Security syntax and effective request URI def [StPeter]
 https://www.ietf.org/mail-archive/web/websec/current/msg00476.html

 The document is a bit unclear about the denotation of "HSTS policy".
 Sometimes it refers to the site's policy and sometimes to the overall
 recommendations defined in the spec.

    This specification also incorporates notions from [JacksonBarth2008]
    in that the HSTS policy is applied on an "entire-host" basis: it
    applies to all TCP ports on the host. Additionally, HSTS policy can
    be applied to the entire domain name subtree rooted at a given host
    name. This enables HSTS to protect so-called "domain cookies", which
    are applied to all subdomains of a given domain.

 Perhaps it would be helpful to contrast the all ports and entire
 subtree principles with the same origin policy also being worked on in
 this WG, with an informational reference to the appropriate spec.

--
 Reporter:   jeff.hodges@…
 Owner:      draft-ietf-websec-strict-transport-sec@…
 Type:       defect
 Status:     new
 Priority:   minor
 Milestone:
 Component:  strict-transport-sec
 Version:
 Severity:   -
 Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/28>
websec <http://tools.ietf.org/websec/>
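
Added example, not part of the ticket or of the HSTS draft: Python code that puts the "all ports" and "entire subtree" scoping quoted above next to a same-origin comparison on scheme, host and port. The function names, the `subtree` flag and the example.com URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return the (scheme, host, port) triple that a same-origin check compares."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))


def same_origin(url_a, url_b):
    """Same-origin: scheme, host and port must all match exactly."""
    return origin(url_a) == origin(url_b)


def hsts_covers(policy_host, subtree, url):
    """True if a policy noted for policy_host covers the host named in url.

    Scheme and port are ignored on purpose (the "entire-host" basis).
    `subtree` (hypothetical name) models the option of applying the policy
    to the whole domain name subtree rooted at policy_host.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    policy_host = policy_host.lower().rstrip(".")
    if host == policy_host:
        return True
    # Match on a label boundary so "badexample.com" is not under "example.com".
    return bool(subtree) and host.endswith("." + policy_host)


def contrast(base_url, policy_host, subtree, urls):
    """Rows of (url, same origin as base_url?, covered by the host's policy?)."""
    return [(u, same_origin(base_url, u), hsts_covers(policy_host, subtree, u))
            for u in urls]


if __name__ == "__main__":
    # Constructed sample URLs.
    samples = [
        "https://example.com:8443/admin",   # other port: new origin, same host policy
        "http://example.com:8080/",         # other scheme and port
        "http://shop.example.com/cart",     # subdomain: covered only with subtree
        "http://badexample.com/",           # unrelated host
    ]
    for row in contrast("https://example.com/", "example.com", True, samples):
        print("%-34s same-origin=%-5s hsts-covered=%s" % row)
```
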