Re: [websec] AppsDir review of draft-ietf-websec-strict-transport-sec

"Murray S. Kucherawy" <msk@cloudmark.com> Tue, 01 May 2012 02:55 UTC

Return-Path: <msk@cloudmark.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5964521E814E for <websec@ietfa.amsl.com>; Mon, 30 Apr 2012 19:55:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.627
X-Spam-Level:
X-Spam-Status: No, score=-102.627 tagged_above=-999 required=5 tests=[AWL=-0.028, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jhUSzi9rRSt7 for <websec@ietfa.amsl.com>; Mon, 30 Apr 2012 19:55:44 -0700 (PDT)
Received: from mail.cloudmark.com (cmgw1.cloudmark.com [208.83.136.25]) by ietfa.amsl.com (Postfix) with ESMTP id BDF5A21E80BA for <websec@ietf.org>; Mon, 30 Apr 2012 19:55:44 -0700 (PDT)
Received: from ht1-outbound.cloudmark.com ([72.5.239.26]) by mail.cloudmark.com with bizsmtp id 4SvT1j0010as01C01SvTHj; Mon, 30 Apr 2012 19:55:33 -0700
X-CMAE-Match: 0
X-CMAE-Score: 0.00
X-CMAE-Analysis: v=2.0 cv=T7IOvo2Q c=1 sm=1 a=QMZKka45TBd+hNGtXG2bIg==:17 a=ldJM1g7oyCcA:10 a=Pip2rxCYUeAA:10 a=zutiEJmiVI4A:10 a=kj9zAlcOel0A:10 a=xqWC_Br6kY4A:10 a=48vgC7mUAAAA:8 a=gZYdKlMGs4HJI1Aa6poA:9 a=YStEGMaWOOYe8RdfCE0A:7 a=CjuIK1q_8ugA:10 a=_RhRFcbxBZMA:10 a=lZB815dzVvQA:10 a=QMZKka45TBd+hNGtXG2bIg==:117
Received: from EXCH-MBX901.corp.cloudmark.com ([fe80::addf:849a:f71c:4a82]) by exch-htcas902.corp.cloudmark.com ([fe80::54de:dc60:5f3e:334%10]) with mapi id 14.01.0355.002; Mon, 30 Apr 2012 19:55:27 -0700
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [websec] AppsDir review of draft-ietf-websec-strict-transport-sec
Thread-Index: Ac0l10W9SlaETdSSRZWdVKRKL9SkswBVntWAAAXqgAA=
Date: Tue, 1 May 2012 02:55:27 +0000
Message-ID: <9452079D1A51524AA5749AD23E0039281075DB@exch-mbx901.corp.cloudmark.com>
References: <9452079D1A51524AA5749AD23E003928106147@exch-mbx901.corp.cloudmark.com> <4F9EC5BD.7000404@gmx.de>
In-Reply-To: <4F9EC5BD.7000404@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [67.160.203.60]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudmark.com; s=default; t=1335840933; bh=S6mz8zB+L5fF8JFr5cKqQHi3fE6efDPpk2WspI3Et7E=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=oEU1SIO0XhaUJ+SBofypfUFvFr8d5+tbyO6ZSIbXG1p9ie0zphde5s6yf/In5MTtB CWR+f5G+Es15hPm4j+oh2fhghijiHJTHmG69fzvxDCr/YUsrG9anxumpVUYTJuJOsm 0nLMiMmET9svLAQaXCIPYp1IInv8lNwK3mEDAGdA=
Cc: "draft-ietf-websec-strict-transport-sec@tools.ietf.org" <draft-ietf-websec-strict-transport-sec@tools.ietf.org>, "websec@ietf.org" <websec@ietf.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: Re: [websec] AppsDir review of draft-ietf-websec-strict-transport-sec
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2012 02:55:45 -0000

> -----Original Message-----
> From: Julian Reschke [mailto:julian.reschke@gmx.de]
> Sent: Monday, April 30, 2012 10:03 AM
> To: Murray S. Kucherawy
> Cc: apps-discuss@ietf.org; websec@ietf.org; draft-ietf-websec-strict-transport-sec@tools.ietf.org
> Subject: Re: [websec] AppsDir review of draft-ietf-websec-strict-transport-sec
> 
> On 2012-04-29 09:11, Murray S. Kucherawy wrote:
>  > ...
> > Section 6.1.1: I think the "delta-seconds" should be:
> >
> > delta-seconds = 1*DIGIT
> >
> > ; defined in Section 3.3.2 of [RFC2616] ...
> 
> That would copy the rule from RFC 2616 "by value".

Why not just say "delta-seconds is defined in Section 3.3.2 of [RFC2616]" and leave out the restatement of the ABNF?  Then it's truly only specified in one place.

> > The angle-bracket notation you have there doesn't seem to be normal.
> > ...
> 
> It's a prose rule; see RFC 5234 prose-val. It's used here to define the
> ABNF rule "by reference".

RFC5234 also says it should be used as a "last resort".  This is such a simple definition that it doesn't seem to qualify.

-MSK