Re: [websec] Stephen Farrell's Yes on draft-ietf-websec-key-pinning-21: (with COMMENT)

Barry Leiba <barryleiba@computer.org> Thu, 09 October 2014 13:00 UTC

Just on the new point:

> - In 2.2 you say: "(1) the processing rules for HTTP
>    request messages received over a secure transport (e.g.
>    authenticated, non-anonymous TLS); "
>
> Should the "e.g." be an "i.e." ? It's probably fine either
> way but just wondered.
>

It seems to me that "for example" is right, allowing for other possible
secure transports (perhaps IPsec, perhaps something that comes later).  The
concept is that it needs to be secured, and the example is apt.

Barry