[websec] new rev: draft-ietf-websec-strict-transport-sec-08

=JeffH <Jeff.Hodges@KingsMountain.com> Thu, 17 May 2012 20:33 UTC

Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 9CEFD21F875C for <websec@ietfa.amsl.com>; Thu, 17 May 2012 13:33:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.097
X-Spam-Status: No, score=-100.097 tagged_above=-999 required=5 tests=[AWL=0.398, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id a4mRAX0mt41z for <websec@ietfa.amsl.com>; Thu, 17 May 2012 13:33:17 -0700 (PDT)
Received: from oproxy6-pub.bluehost.com (oproxy6.bluehost.com [IPv6:2605:dc00:100:2::a6]) by ietfa.amsl.com (Postfix) with SMTP id 7DD6421F8740 for <websec@ietf.org>; Thu, 17 May 2012 13:33:17 -0700 (PDT)
Received: (qmail 733 invoked by uid 0); 17 May 2012 20:33:16 -0000
Received: from unknown (HELO box514.bluehost.com) ( by cpoproxy3.bluehost.com with SMTP; 17 May 2012 20:33:16 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default; h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=pkzLc3rP/G7kehZvXXuG6CUekvZjmsWfj72wZpcNC8U=; b=oRArkyOfQpnirIteV/vMltss1KViQMTxFFwse3daUiYwQEM7E9bK5UCwGWiXe6lRWvvC5h1A+phnFG4BEp9uDKFplgCZUkxBqu72h2iA585Jy0E9e6NAE2m/A7aJrlGL;
Received: from outbound4.ebay.com ([] helo=[]) by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.76) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1SV7Ns-0007om-BW for websec@ietf.org; Thu, 17 May 2012 14:33:16 -0600
Message-ID: <4FB5608E.60409@KingsMountain.com>
Date: Thu, 17 May 2012 13:33:18 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: IETF WebSec WG <websec@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth authed with jeff.hodges+kingsmountain.com}
Subject: [websec] new rev: draft-ietf-websec-strict-transport-sec-08
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2012 20:33:18 -0000

New rev:

full issue ticket list for strict-transport-sec:

Redline spec diff from previous rev:

side-by-side diff from previous rev:

Change Log is below.



Appendix D. Change Log

    [RFCEditor: please remove this section upon publication as an RFC.]

    Changes are grouped by spec revision listed in reverse issuance

D.1.  For draft-ietf-websec-strict-transport-sec

       Changes from -07 to -08:

       1.  Clarified requirement #4 for STS header field directives in
           Section 6.1, and removed "(which "update" this
           specification)".  Also added explicit "max-age=0" to Section
           6.1.1.  Reworked final sentence in 2nd para of Section 13.
           This addresses issue ticket #45.

       Changes from -06 to -07:

       1.  Various minor/modest editorial tweaks throughout as I went
           through it pursuing the below issue tickets.  Viewing a visual
           diff against -06 revision recommended.

       2.  fixed some minor editorial issues noted in review by Alexey,
           fixes noted in here: <https://www.ietf.org/mail-archive/web/

       3.  Addressed ABNF exposition issues, specifically inclusion of
           quoted-string syntax for directive values.  Fix STS header
           ABNF such that a leading ";" isn't required.  Add example of
           quoted-string-encoded max-age-value.  This addresses (re-
           opened) issue ticket #33.

       4.  Reworked sections 8.1 through 8.3 to ensure matching algorithm
           and resultant HSTS Policy application is more clear, and that
           it is explicitly stipulated to not muck with attributes of
           superdomain matching Known HSTS Hosts.  This addresses issue
           ticket #37.

       5.  Added reference to [I-D.ietf-dane-protocol], pared back
           extraneous discussion in section 2.2, and updated discussion
           in 10.2 to accomodate TLSA (nee DANE).  This addresses issue
           ticket #39.

       6.  Addressed various editorial items from issue ticket #40.

       7.  Loosened up the language regarding redirecting "http" requests
           to "https" in section 7.2 such that future flavors of
           permanent redirects are accommodated.  This addresses issue
           ticket #43.

       8.  Reworked the terminology and language in Section 9, in
           particular defining the term "putative domain name string" to
           replace "valid Unicode-encoded string-serialized domain name".
           This addresses issue ticket #44.

        Changes from -05 to -06: