[websec] new rev: draft-ietf-websec-strict-transport-sec-08
=JeffH <Jeff.Hodges@KingsMountain.com> Thu, 17 May 2012 20:33 UTC
New rev:
  https://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-08

full issue ticket list for strict-transport-sec:
  <http://trac.tools.ietf.org/wg/websec/trac/query?status=assigned&status=closed&status=new&status=reopened&component=strict-transport-sec&order=id>

Redline spec diff from previous rev:
  https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-websec-strict-transport-sec-08.txt

side-by-side diff from previous rev:
  https://tools.ietf.org/rfcdiff?url2=draft-ietf-websec-strict-transport-sec-08.txt

Change Log is below.

=JeffH

==============================================================

Appendix D. Change Log

[RFCEditor: please remove this section upon publication as an RFC.]

Changes are grouped by spec revision listed in reverse issuance order.

D.1. For draft-ietf-websec-strict-transport-sec

Changes from -07 to -08:

1. Clarified requirement #4 for STS header field directives in Section 6.1, and removed "(which "update" this specification)". Also added explicit "max-age=0" to Section 6.1.1. Reworked final sentence in 2nd para of Section 13. This addresses issue ticket #45. <http://trac.tools.ietf.org/wg/websec/trac/ticket/45>

Changes from -06 to -07:

1. Various minor/modest editorial tweaks throughout as I went through it pursuing the below issue tickets. Viewing a visual diff against -06 revision recommended.

2. fixed some minor editorial issues noted in review by Alexey, fixes noted in here: <https://www.ietf.org/mail-archive/web/websec/current/msg01163.html>

3. Addressed ABNF exposition issues, specifically inclusion of quoted-string syntax for directive values. Fix STS header ABNF such that a leading ";" isn't required. Add example of quoted-string-encoded max-age-value. This addresses (re-opened) issue ticket #33. <http://trac.tools.ietf.org/wg/websec/trac/ticket/33>

4. Reworked sections 8.1 through 8.3 to ensure matching algorithm and resultant HSTS Policy application is more clear, and that it is explicitly stipulated to not muck with attributes of superdomain matching Known HSTS Hosts. This addresses issue ticket #37. <http://trac.tools.ietf.org/wg/websec/trac/ticket/37>

5. Added reference to [I-D.ietf-dane-protocol], pared back extraneous discussion in section 2.2, and updated discussion in 10.2 to accommodate TLSA (nee DANE). This addresses issue ticket #39. <http://trac.tools.ietf.org/wg/websec/trac/ticket/39>

6. Addressed various editorial items from issue ticket #40. <http://trac.tools.ietf.org/wg/websec/trac/ticket/40>

7. Loosened up the language regarding redirecting "http" requests to "https" in section 7.2 such that future flavors of permanent redirects are accommodated. This addresses issue ticket #43. <http://trac.tools.ietf.org/wg/websec/trac/ticket/43>

8. Reworked the terminology and language in Section 9, in particular defining the term "putative domain name string" to replace "valid Unicode-encoded string-serialized domain name". This addresses issue ticket #44. <http://trac.tools.ietf.org/wg/websec/trac/ticket/44>

Changes from -05 to -06:

. . . .

--- end
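The header-syntax items in the change log above (quoted-string directive values, no required leading ";", explicit "max-age=0") can be exercised with a small parser. This is an added example, not code from the draft or from this message; it follows the header grammar as published in RFC 6797, which this draft became. The names `parse_sts`, `note_hsts_host` and the dict-based `store` are hypothetical, and rejecting an `includeSubDomains` that carries a value is a strictness choice made here.

```python
import re

# token / quoted-string from the HTTP grammar that STS directive values use
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
DIRECTIVE = re.compile(rf"\s*({TOKEN})\s*(?:=\s*({TOKEN}|{QUOTED}))?\s*")

def split_directives(value):
    """Split on ';' that is not inside a quoted-string."""
    parts, start, in_quote, escaped = [], 0, False, False
    for i, ch in enumerate(value):
        if escaped:
            escaped = False
        elif in_quote and ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            parts.append(value[start:i])
            start = i + 1
    return parts + [value[start:]]

def parse_sts(value):
    """Return (max_age, include_subdomains), or None when the field must be ignored."""
    seen = {}
    for part in split_directives(value):
        if not part.strip():
            continue                      # empty directive: a stray ';' is allowed
        m = DIRECTIVE.fullmatch(part)
        if m is None or m.group(1).lower() in seen:
            return None                   # bad syntax or repeated directive
        val = m.group(2)
        if val is not None and val.startswith('"'):
            val = re.sub(r"\\(.)", r"\1", val[1:-1])   # unquote quoted-string
        seen[m.group(1).lower()] = val    # directive names are case-insensitive
    age = seen.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None                       # max-age is required, digits only
    if seen.get("includesubdomains") is not None:
        return None                       # valueless directive given a value
    return int(age), "includesubdomains" in seen

def note_hsts_host(store, host, value, now):
    """Apply a header received over secure transport to a Known HSTS Host store."""
    policy = parse_sts(value)
    if policy and policy[0] > 0:
        store[host] = (now + policy[0], policy[1])     # (expiry, includeSubDomains)
    elif policy:
        store.pop(host, None)             # max-age=0: host is no longer a Known HSTS Host
```

A field that fails to parse leaves the store untouched, so a malformed header can neither set nor clear a host's policy.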