Re: [websec] Strict-Transport-Security syntax redux

Julian Reschke <julian.reschke@gmx.de> Mon, 09 January 2012 00:39 UTC

Return-Path: <julian.reschke@gmx.de>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1057F21F85D6 for <websec@ietfa.amsl.com>; Sun, 8 Jan 2012 16:39:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.443
X-Spam-Level:
X-Spam-Status: No, score=-103.443 tagged_above=-999 required=5 tests=[AWL=-0.844, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SSVuiSMpX3cc for <websec@ietfa.amsl.com>; Sun, 8 Jan 2012 16:39:10 -0800 (PST)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 2ACD221F8504 for <websec@ietf.org>; Sun, 8 Jan 2012 16:39:09 -0800 (PST)
Received: (qmail invoked by alias); 09 Jan 2012 00:39:09 -0000
Received: from p3EE26BEB.dip.t-dialin.net (EHLO [192.168.178.36]) [62.226.107.235] by mail.gmx.net (mp018) with SMTP; 09 Jan 2012 01:39:09 +0100
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1+73nJfsDa7ehxcZX+a1+gdbJ2Jcuo+UYpFsg8TcY Z4l8CN2C8sMib7
Message-ID: <4F0A372B.2070407@gmx.de>
Date: Mon, 09 Jan 2012 01:39:07 +0100
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: Adam Barth <ietf@adambarth.com>
References: <CAJE5ia-E1nhN1YGV6uy3uEq4oboQowDm4FboKbWV1kunHQmXPw@mail.gmail.com> <4EFCDDD5.6040005@gmx.de> <CAJE5ia8CL9ozRJgRNCdu6XwVT0paVuVUreB12f-BiMvH+wiq6A@mail.gmail.com> <4EFD73E6.1060506@gmx.de> <CAJE5ia8RBa8iCd_9TjXyzG54VASa6qqGomsO9gL-qQ2ia=BKLg@mail.gmail.com> <4EFD7C09.9050702@gmx.de> <CAJE5ia8aN_MKUX_7ehp6siw=CY7nC4aSRPoPcsaDX8+emwaFVw@mail.gmail.com> <4EFD8BCE.7010909@gmx.de> <CAJE5ia9cziSx-xb6nCEFXJkbu2Ls_ZQmYHpfrC7UK3ig3ZmM2g@mail.gmail.com> <4F052D2E.5050200@gondrom.org> <aoakg7l45gfcrj731u6k652hjofhv12ocl@hive.bjoern.hoehrmann.de> <CAJE5ia-5X_onfhUriRkQZNbVBa_qRBYPkUu8kyEVsrGmE41_=Q@mail.gmail.com>
In-Reply-To: <CAJE5ia-5X_onfhUriRkQZNbVBa_qRBYPkUu8kyEVsrGmE41_=Q@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, websec@ietf.org
Subject: Re: [websec] Strict-Transport-Security syntax redux
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jan 2012 00:39:11 -0000

On 2012-01-09 01:25, Adam Barth wrote:
> On Sun, Jan 8, 2012 at 4:10 PM, Bjoern Hoehrmann<derhoermi@gmx.net>  wrote:
>> * Tobias Gondrom wrote:
>>> <hat="chair>
>>> as it seems there is disagreement on how to resolve this, with only very
>>> few people having spoken out so far, I would like to invite comments
>> >from other working group members on this topic to see whether we might
>>> have missed something.
>>
>> It seems to me that all headers defined in RFC 2616 that allow para-
>> meteter lists of the `;name=value` form allow the value to be a quoted
>> string.
>
> This header isn't defined in RFC 2616 and many headers defined outside
> of RFC 2616 don't use quoted-string.
> ...

In name/value pairs? Example?

(As a matter of fact, not all header fields in 2616 are as consistent as 
they should, but that's not an excuse for not trying to do better with 
new header fields)

Best regards, Julian