Re: [websec] WG Last Call on draft-ietf-websec-strict-transport-sec-06 until April-9

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 21 March 2012 14:37 UTC

On Mar 19, 2012, at 2:35 AM, Julian Reschke wrote:

> I'd like to point out that I still think my concerns over the inconsistent use of quoted-string (<http://www.ietf.org/mail-archive/web/websec/current/msg01044.html>) are valid and not addressed; and I think they should be before you go to IETF LC.
> 
> Note that since we had a long discussion with Adam Barth about quoted-string, Chrome has started supporting it in Content-Disposition, and a similar fix for Content-Type is in preparation (<http://code.google.com/p/chromium/issues/detail?id=103361#c7>).
> 
> In <http://www.ietf.org/mail-archive/web/websec/current/msg01045.html> Jeff points out that Firefox doesn't support quoted-string in all parameters, but IMHO that's a bogus argument because it currently doesn't support q-s *at all*; so it will need to be fixed to conform to the current spec as well (see <https://bugzilla.mozilla.org/show_bug.cgi?id=718409>).

+1. This is an important topic.

--Paul Hoffman
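
The quoted-string point raised in the thread, as an added example that is not part of the original message or of the draft: a Python parser for a Strict-Transport-Security header value that treats a token and a quoted-string as the same directive value. It assumes the generic HTTP parameter grammar (a value is either a token or a quoted-string); the function names and sample headers are constructed for illustration.

```python
import re

# HTTP token characters (tchar in the HTTP/1.1 grammar).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# quoted-string: DQUOTE, then ordinary characters or backslash-escaped pairs, DQUOTE.
QUOTED = r'"(?:[^"\\]|\\.)*"'
# One directive: name, optional "=" value, then ";" or end of input.
DIRECTIVE = re.compile(rf"\s*({TOKEN})\s*(?:=\s*({TOKEN}|{QUOTED}))?\s*(?:;|$)")


def unquote(value):
    """Return the text a quoted-string denotes; a token passes through unchanged."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value


def parse_directives(header_value):
    """Parse 'name[=value]; ...' into a dict; raise ValueError on input it cannot parse."""
    text = header_value.strip()
    directives, pos = {}, 0
    while pos < len(text):
        m = DIRECTIVE.match(text, pos)
        if not m:
            raise ValueError(f"malformed directive at offset {pos}")
        name = m.group(1).lower()  # directive names compared case-insensitively
        if name in directives:
            raise ValueError(f"duplicate directive {name!r}")
        directives[name] = unquote(m.group(2)) if m.group(2) else None
        pos = m.end()
    return directives


def max_age(header_value):
    """Return max-age in seconds, or None if it is absent or not all ASCII digits."""
    value = parse_directives(header_value).get("max-age")
    if value is None or not re.fullmatch(r"[0-9]+", value):
        return None
    return int(value)


if __name__ == "__main__":
    # Constructed sample headers: the same policy written both ways.
    for sample in ("max-age=31536000; includeSubDomains",
                   'max-age="31536000"; includeSubDomains'):
        print(sample, "->", max_age(sample), parse_directives(sample))
```

A receiver that splits on ";" before recognising quoted-strings, or that only accepts the token form, would read these two headers differently.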