Re: [websec] WG Last Call on draft-ietf-websec-strict-transport-sec-06 until April-9

Tobias Gondrom <tobias.gondrom@gondrom.org> Mon, 19 March 2012 19:59 UTC

Julian,

Thank you for the reminder. I agree that we have to discuss this during
our WG LC (and before we go to IETF LC).
Definitely yes, to discuss this at our meeting in Paris.

Best regards, Tobias


On 19/03/12 09:35, Julian Reschke wrote:
> On 2012-03-18 23:31, Tobias Gondrom wrote:
>> Hello dear websec fellows,
>>
>> after reading the feedback, tracker entries and the updates on the HSTS
>> draft, the WG chairs and secretary have the impression that the draft is
>> in good shape and we like to ask for WG Last Call for this document:
>> http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-06
>>
>> As we are close to the IETF meeting in Paris, this last call will be
>> extended to three weeks and close on April-9. Please make a last careful
>> review of the draft and submit comments, questions and discuss items for
>> this draft ASAP. You can submit them via email to the mailing-list or
>> make entries for HSTS in the tracker. If you perceive any major issues,
>> it might also make sense to raise them during our meeting in Paris on
>> March-26.
>>
>> Kind regards and thank you,
>> ...
>
> I'd like to point out that I still think my concerns over the 
> inconsistent use of quoted-string 
> (<http://www.ietf.org/mail-archive/web/websec/current/msg01044.html>) 
> are valid and not addressed; and I think they should be before you go 
> to IETF LC.
>
> Note that since we had a long discussion with Adam Barth about 
> quoted-string, Chrome has started supporting it in 
> Content-Disposition, and a similar fix for Content-Type is in 
> preparation 
> (<http://code.google.com/p/chromium/issues/detail?id=103361#c7>).
>
> In <http://www.ietf.org/mail-archive/web/websec/current/msg01045.html> 
> Jeff points out that Firefox doesn't support quoted-string in all 
> parameters, but IMHO that's a bogus argument because it currently 
> doesn't support q-s *at all*; so it will need to be fixed to conform 
> to the current spec as well (see 
> <https://bugzilla.mozilla.org/show_bug.cgi?id=718409>).
>
> I believe this could be a useful discussion topic for Paris.
>
> Best regards, Julian
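
As an added illustration, not part of this thread or of the draft: a parser for the Strict-Transport-Security field value that accepts each directive value as either a token or a quoted-string, uniformly for every directive, which is the grammar RFC 6797 later published for this header. The names `parse_sts` and `unquote` are this example's own, and the header values it is exercised with are constructed.

```python
import re

# token and quoted-string as in the HTTP/1.1 grammar (RFC 2616, section 2.2).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
# One optional directive, name[=value], ended by ";" or end of input.
DIRECTIVE = re.compile(
    rf"\s*(?:({TOKEN})\s*(?:=\s*({TOKEN}|{QUOTED}))?)?\s*(?:;|\Z)"
)


def unquote(value):
    """Strip quoted-string framing and resolve quoted-pairs; tokens pass through."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value


def parse_sts(header_value):
    """Parse a Strict-Transport-Security field value.

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    value is malformed, repeats a directive, or lacks a numeric max-age, so
    the caller ignores the header instead of guessing at a policy.
    """
    directives, pos = {}, 0
    while pos < len(header_value):
        m = DIRECTIVE.match(header_value, pos)
        if m is None:
            return None
        pos = m.end()
        if m.group(1) is None:  # empty directive, e.g. ";;"
            continue
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in directives:
            return None
        # The same unquoting applies to every directive, known or not.
        directives[name] = unquote(m.group(2)) if m.group(2) else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in directives,
    }
```

Scanning with the grammar instead of splitting on ";" matters once quoted-string is allowed, because a quoted value may itself contain a semicolon.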