[websec] Pete Resnick's No Objection on draft-ietf-websec-key-pinning-19: (with COMMENT)
"Pete Resnick" <presnick@qti.qualcomm.com> Tue, 05 August 2014 00:49 UTC
From: Pete Resnick <presnick@qti.qualcomm.com>
To: The IESG <iesg@ietf.org>
Message-ID: <20140805004950.9059.81409.idtracker@ietfa.amsl.com>
Date: Mon, 04 Aug 2014 17:49:50 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/_gpa3VwHcrd_D2ku-gB49qzzyRc
Cc: draft-ietf-websec-key-pinning@tools.ietf.org, websec@ietf.org, websec-chairs@tools.ietf.org
Pete Resnick has entered the following ballot position for
draft-ietf-websec-key-pinning-19: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

1:

The first sentence is quite confusing. Might I suggest instead:

   This document defines a new HTTP header that enables user agents
   (UAs) to determine which Subject Public Key Info (SPKI) structures
   will be present in the web host's certificate chain in future TLS
   [RFC5246] connections.

2.1:

   Public-Key-Directives = [ directive ] *( OWS ";" OWS [ directive ] )

Are you sure that's correct? First of all, it may be completely empty.
That seems like something you wouldn't want. Second of all, it allows for
semicolons without directives between them, which may or may not be what
you want.

It's not clear to me why you made this semicolon-delimited instead of
comma-delimited, which would be much more in line with the rest of HTTP.
Then you'd simply get:

   Public-Key-Directives = 1#directive

But if you insist on semicolons, you want either:

   Public-Key-Directives = directive *( OWS ";" OWS directive )

or if you want to allow for empty elements:

   Public-Key-Directives = *( ";" OWS ) directive *( OWS ";" [ OWS directive ] )

If the following is acceptable:

   Public-Key-Directives: ;;;;;

then your original is fine.

s/hahs/hash

10.1:

Update 4627 to 7159

I think W3C.REC-html401-19991224 is informative. This document says that
you MUST NOT do what's in that document.
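
The three semicolon-delimited grammars compared in the message above, checked against constructed header values. This is an added example, not part of the original email or the draft. The `directive` rule, the trimming of the field value, and every sample value are assumptions.

```python
import re

# Assumptions (not quoted in the email): directive is
# token [ "=" ( token / quoted-string ) ] per RFC 7230 (obs-text omitted),
# and the field value is trimmed of surrounding whitespace before matching.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[\t !#-\[\]-~]|\\[\t -~])*"'
ELEMENT = re.compile(rf'[ \t]*(?:(?P<d>{TOKEN}(?:=(?:{TOKEN}|{QUOTED}))?)|;)')

# Each ABNF alternative with OWS removed: "d" is one directive, ";" the delimiter.
GRAMMARS = {
    "original": re.compile(r"d?(?:;d?)*"),  # [ directive ] *( OWS ";" OWS [ directive ] )
    "strict": re.compile(r"d(?:;d)*"),      # directive *( OWS ";" OWS directive )
    "lenient": re.compile(r";*d(?:;d?)*"),  # *( ";" OWS ) directive *( OWS ";" [ OWS directive ] )
}

def shape(value):
    """Reduce a field value to its d/; skeleton, or None if it has stray bytes."""
    value = value.strip(" \t")
    pos, out = 0, []
    while pos < len(value):
        m = ELEMENT.match(value, pos)
        if m is None:
            return None
        out.append("d" if m.group("d") else ";")
        pos = m.end()
    return "".join(out)

def verdicts(value):
    """Report which of the three grammars accepts the field value."""
    s = shape(value)
    return {name: s is not None and rx.fullmatch(s) is not None
            for name, rx in GRAMMARS.items()}

# Constructed sample values; the pin is a placeholder, not a real key hash.
PIN = 'pin-sha256="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="'
SAMPLES = [
    "",
    ";;;;;",
    f"max-age=5184000; {PIN}; includeSubDomains",
    f"max-age=5184000;; {PIN};",
    f"; max-age=5184000; {PIN}",
    f"max-age=5184000 {PIN}",
]

if __name__ == "__main__":
    for v in SAMPLES:
        print(repr(v), verdicts(v))
```

Only the original grammar accepts the empty value and the bare `;;;;;`; the lenient form tolerates empty elements but still requires at least one directive.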