Re: [websec] [Technical Errata Reported] RFC6797 (4075)

Yoav Nir <ynir.ietf@gmail.com> Sun, 10 August 2014 11:41 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Date: Sun, 10 Aug 2014 14:40:59 +0300
To: Tobias Gondrom <tobias.gondrom@gondrom.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/ccjIDxNcy05FkTsCXT5tYKvrH_U
Cc: Eric Lawrence <e_lawrence@hotmail.com>, Jeff.Hodges@paypal.com, Pete Resnick <presnick@qti.qualcomm.com>, IETF WebSec WG <websec@ietf.org>, Collin Jackson <collin.jackson@sv.cmu.edu>, Barry Leiba <barryleiba@computer.org>
Subject: Re: [websec] [Technical Errata Reported] RFC6797 (4075)

On Aug 10, 2014, at 2:28 PM, Tobias Gondrom <tobias.gondrom@gondrom.org> wrote:

> Thanks.
> 
> I agree, this is an "update" and not an "errata".
> 
> However, I am not sure how to best retain this information:
> Because this is a good point for a best practice.
> And be it only in advising the best practice when using HSTS, like
> simply including one link to the parent https://example.com to avoid
> having unprotected parent-domains.

Well, if we could talk Eric into writing a draft…