Re: [websec] [saag] Pinning
Yoav Nir <ynir@checkpoint.com> Sat, 11 August 2012 21:30 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9329021F858A for <websec@ietfa.amsl.com>; Sat, 11 Aug 2012 14:30:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.41
X-Spam-Level:
X-Spam-Status: No, score=-10.41 tagged_above=-999 required=5 tests=[AWL=0.189, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DoynlUHmsO6G for <websec@ietfa.amsl.com>; Sat, 11 Aug 2012 14:30:27 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id ACA1021F8582 for <websec@ietf.org>; Sat, 11 Aug 2012 14:30:26 -0700 (PDT)
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com [194.29.34.26]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id q7BLUNeI006911; Sun, 12 Aug 2012 00:30:23 +0300
X-CheckPoint: {5026CBE1-0-1B221DC2-4FFFF}
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Sun, 12 Aug 2012 00:30:23 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: Tom Ritter <tom@ritter.vg>
Date: Sun, 12 Aug 2012 00:30:22 +0300
Thread-Topic: [websec] [saag] Pinning
Thread-Index: Ac14CIPZgeokpe+LR9W2BRgCmgILvg==
Message-ID: <B08F616B-23CE-48E1-BC9D-611FF640B44C@checkpoint.com>
References: <31946C2A-4ACD-46D7-8977-49B681204A7B@checkpoint.com> <8E52CEC5-4FEB-4464-AB11-21F1B9208C5C@checkpoint.com> <38489744-05A9-45F0-A752-7F0B9E96E641@vpnc.org> <4FCF894B.8080002@gondrom.org> <CAOuvq20iC817T-9U3zWG7S2Z=uU=G0i6usOT915ky+9FO8_Zwg@mail.gmail.com> <24C52325-8B51-4DA0-B21D-DC72E184BB23@checkpoint.com> <CA+cU71m=PZRgG34TTTjby=yCbB_z+i4MjEAtVJKE3uOxcKeA1g@mail.gmail.com>
In-Reply-To: <CA+cU71m=PZRgG34TTTjby=yCbB_z+i4MjEAtVJKE3uOxcKeA1g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Chris Evans <cevans@google.com>, IETF WebSec WG <websec@ietf.org>, Moxie Marlinspike <moxie@thoughtcrime.org>
Subject: Re: [websec] [saag] Pinning
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Aug 2012 21:30:27 -0000
Hi Tom On Aug 11, 2012, at 11:57 PM, Tom Ritter wrote: > I don't know IETF procedure for making changes, but one of the > outstanding issues I don't think has been resolved with > draft-ietf-websec-key-pinning-02 is inherited DSA parameters. I > raised this issue here: > http://www.ietf.org/mail-archive/web/websec/current/msg01027.html with > suggested verbiage. That message of yours flew under the radar. I don't know why. The IETF procedure for making changes is to raise the suggestion on the mailing list, and discuss it there until consensus is reached. To help with that, we may use an issue tracker (similar to a bug tracker like bugzilla). I've opened three tickets for the issues in your email: http://trac.tools.ietf.org/wg/websec/trac/ticket/50 http://trac.tools.ietf.org/wg/websec/trac/ticket/51 http://trac.tools.ietf.org/wg/websec/trac/ticket/52 We can start a thread on each of them. Easy way is the editors start the thread with "looking at issue #50, we agree and it seems OK to us. Anyone object?", and then if nobody objects, the text is updated, a new draft is published, and if you think it's OK, we close the ticket. If there are objections (by the editors or others), they get discussed. Yoav
- [websec] Fwd: [saag] Pinning Paul Hoffman
- Re: [websec] Pinning Yoav Nir
- Re: [websec] [saag] Pinning Tobias Gondrom
- Re: [websec] [saag] Pinning Chris Palmer
- Re: [websec] [saag] Pinning Paul Hoffman
- Re: [websec] [saag] Pinning Trevor Perrin
- Re: [websec] [saag] Pinning Yoav Nir
- Re: [websec] [saag] Pinning Tom Ritter
- Re: [websec] [saag] Pinning Yoav Nir
- Re: [websec] [saag] Pinning Jeffrey Hutzelman
- Re: [websec] [saag] Pinning Tony Finch
- Re: [websec] [saag] Pinning Alexey Melnikov
- Re: [websec] [saag] Pinning Tobias Gondrom
- Re: [websec] [saag] Pinning Tobias Gondrom