[websec] #11: failing insecure connections and user recourse
"websec issue tracker" <trac+websec@trac.tools.ietf.org> Tue, 19 July 2011 21:39 UTC
To: draft-ietf-websec-strict-transport-sec@tools.ietf.org, jeff.hodges@kingsmountain.com
Cc: websec@ietf.org
#11: failing insecure connections and user recourse

http://www.ietf.org/mail-archive/web/websec/current/msg00076.html

Subject: Re: [websec] failing insecure connections and user recourse (was: Some questions about HSTS)
From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Tue, 23 Nov 2010 16:42:03 -0800
To: IETF WebSec WG <websec@ietf.org>

[ I'm outta the office this week; expect longer than usual delays ]

Yoav Nir noted..
>
> In sections 2.4.1.1, point #9 says:
>
>   9. UAs need to prevent users from clicking-through security warnings.
>      Halting connection attempts in the face of secure transport
>      exceptions is acceptable.
>
> ...
>
> Point #9 seems to say contradictory things. On the one hand, it says that
> "UAs need to prevent..." and I interpret "need" to mean "MUST", but on the
> other hand, halting connections is just "acceptable". So is it MAY or MUST?

Section 2.4.1.1 comprises core functional requirements for addressing the
threats noted in an earlier section of the Overview -- it's non-normative
expository material.

The relevant normative language in the present spec
(draft-hodges-strict-transport-sec-02) is..

  7.3. Errors in Secure Transport Establishment

  When connecting to a Known HSTS Server, the UA MUST terminate the
  connection with no user recourse if there are any errors (e.g.
  certificate errors), whether "warning" or "fatal" or any other error
  level, with the underlying secure transport.

Paul Hoffman notes..
>
> ...the IETF, generally does not make such decisions for users. We make
> protocols and recommendations to developers. The text in this document
> should be worded as such.

Agreed. I propose moving the "with no user recourse" phrase (no more, no
less), in the language quoted above, to section "10. UA Implementation
Advice", and appropriately elaborate on it there (and in security
considerations).
-- 
-------------------------------------------+--------------------------------
 Reporter:  jeff.hodges@…                  |       Owner:  draft-ietf-websec-strict-transport-sec@…
     Type:  defect                         |      Status:  new
 Priority:  major                          |   Milestone:
Component:  strict-transport-sec           |     Version:
 Severity:  Active WG Document             |    Keywords:
-------------------------------------------+--------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/11>
websec <http://tools.ietf.org/websec/>
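
The section 7.3 behaviour quoted in the ticket, sketched as an added example; it is not part of the original message, the draft, or any browser's code. HstsStore, onTransportError, the error object shape and the handling of non-HSTS hosts are assumptions made for illustration; max-age and includeSubDomains are HSTS policy directives that this page does not itself quote.

```javascript
// Added illustration. All names and the error shape are hypothetical.
class HstsStore {
  constructor() { this.entries = new Map(); }

  // Record a policy received over an error-free secure connection.
  note(host, { maxAge, includeSubDomains = false }, nowMs) {
    const key = host.toLowerCase();
    if (maxAge === 0) { this.entries.delete(key); return; } // max-age=0 forgets the host
    this.entries.set(key, { expires: nowMs + maxAge * 1000, includeSubDomains });
  }

  // Known HSTS host: exact match, or a parent domain with includeSubDomains.
  isKnown(host, nowMs) {
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length; i++) {
      const e = this.entries.get(labels.slice(i).join("."));
      if (!e || e.expires <= nowMs) continue;   // absent or expired policy
      if (i === 0 || e.includeSubDomains) return true;
    }
    return false;
  }
}

// Decide what the UA does when the secure transport reports an error.
function onTransportError(store, host, error, nowMs) {
  if (store.isKnown(host, nowMs)) {
    // 7.3: any error level ends the connection and no override is offered.
    return { action: "terminate", userMayOverride: false, reason: error.code };
  }
  // Assumed default for hosts without HSTS: warnings get an overridable interstitial.
  const fatal = error.level === "fatal";
  return { action: fatal ? "terminate" : "warn", userMayOverride: !fatal, reason: error.code };
}

// Constructed sample: one policy, one warning-level certificate error.
function demo() {
  const store = new HstsStore();
  store.note("example.com", { maxAge: 3600, includeSubDomains: true }, 0);
  const err = { level: "warning", code: "cert_expired" };
  return [
    onTransportError(store, "www.example.com", err, 1000),        // covered subdomain
    onTransportError(store, "other.test", err, 1000),             // no policy
    onTransportError(store, "www.example.com", err, 3600 * 1000), // policy expired
  ];
}
console.log(demo());
```

The userMayOverride flag is the "no user recourse" part that the ticket proposes moving from normative text to UA implementation advice; the terminate decision itself stays in 7.3.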