Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04

Julian Reschke <julian.reschke@gmx.de> Wed, 28 March 2012 13:36 UTC

Message-ID: <4F7313C6.8080905@gmx.de>
Date: Wed, 28 Mar 2012 15:36:06 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120312 Thunderbird/11.0
MIME-Version: 1.0
To: =JeffH <Jeff.Hodges@KingsMountain.com>
References: <4F702902.1060406@KingsMountain.com> <4F702BBE.3060806@gmx.de>
In-Reply-To: <4F702BBE.3060806@gmx.de>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04

Here's the promised concrete change proposal:

Section 6.1., paragraph 3:
OLD:

      Strict-Transport-Security = "Strict-Transport-Security" ":"
                                  *( ";" [ directive ] )

NEW:

      Strict-Transport-Security = "Strict-Transport-Security" ":"
                                  [ directive ] *( ";" [ directive ] )


(fixes the leading ";" problem)

Section 6.1., paragraph 12:
OLD:

    Additional directives extending the semantic functionality of the STS
    header field may be defined in other specifications (which "update"
    this specification), using the STS directive extension point.

NEW:

    Additional directives extending the semantic functionality of the STS
    header field can be defined in other specifications (which "update"
    this specification).

(the extension directive extension point was removed earlier on when the 
ABNF was simplified)

Section 6.1.1., paragraph 2:
OLD:

    The syntax of the max-age directive is defined as:

NEW:

    The syntax of the max-age directive's value (after potential quoted-
    string when applicable) is defined as:


Section 6.1.1., paragraph 3:
OLD:

     max-age       = "max-age" "=" delta-seconds

NEW:

     max-age-value = delta-seconds

(We just define the parameter value ABNF)

Section 6.2., paragraph 0:
OLD:

    The syntax of the includeSubDomains directive is defined as:

      includeSubDomains = "includeSubDomains"

  6.2.  Examples

NEW:

(text removed, as the directive is value-less)


  6.2.  Examples


Section 6.2., paragraph 2:
OLD:

       Strict-Transport-Security: max-age=31536000

NEW:

       Strict-Transport-Security: max-age="31536000"

(changed one example to use q-s)

Best regards, Julian
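As an added example (not part of Julian's message or of the draft itself), here is a small Python parser for the proposed field rule `[ directive ] *( ";" [ directive ] )`, including the `max-age-value = delta-seconds` rule applied after unquoting. The `directive = directive-name [ "=" directive-value ]` and `directive-value = token / quoted-string` productions, and case-insensitive directive names, are assumptions taken from the usual HTTP header conventions rather than from the message.

```python
import re
from typing import Dict, Optional

# Assumed grammar (see lead-in): the message only changes the field-level rule.
#   Strict-Transport-Security = [ directive ] *( ";" [ directive ] )
#   directive                 = directive-name [ "=" directive-value ]
#   directive-value           = token / quoted-string
#   max-age-value             = delta-seconds   (checked after unquoting)
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED_STRING = r'"(?:[^"\\]|\\.)*"'
# One list element: an optional directive followed by ";" or end of field.
# Scanning element by element (rather than splitting on ";") keeps a ";"
# inside a quoted-string from being mistaken for a separator.
ELEMENT_RE = re.compile(
    rf"\s*(?:(?P<name>{TOKEN})\s*(?:=\s*(?P<value>{TOKEN}|{QUOTED_STRING}))?)?"
    rf"\s*(?P<sep>;|$)"
)


def unquote(value: str) -> str:
    """Strip the quotes of a quoted-string and resolve quoted-pairs (\\x -> x)."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value


def parse_sts(field_value: str) -> Optional[Dict[str, Optional[str]]]:
    """Parse an STS field value into {name: value}; return None on a syntax error.

    Empty elements (leading, trailing or doubled ";") are legal under the
    proposed rule because each directive is optional, so they are skipped.
    Value-less directives such as includeSubDomains map to None.
    """
    directives: Dict[str, Optional[str]] = {}
    pos = 0
    while True:
        m = ELEMENT_RE.match(field_value, pos)
        if m is None:
            return None                      # element is neither a directive nor empty
        if m.group("name"):
            value = m.group("value")
            directives[m.group("name").lower()] = unquote(value) if value is not None else None
        if m.group("sep") == "":             # reached end of the field value
            return directives
        pos = m.end()                        # continue after the ";"


def max_age_seconds(directives: Dict[str, Optional[str]]) -> Optional[int]:
    """Apply max-age-value = delta-seconds to the unquoted directive value."""
    raw = directives.get("max-age")
    if raw is None or re.fullmatch(r"[0-9]+", raw) is None:
        return None
    return int(raw)
```

Note that a quoted `max-age="31536000"` (the changed example in the proposal) and a bare `max-age=31536000` yield the same delta-seconds after unquoting.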