Re: [websec] handling STS header field extendability
Tobias Gondrom <tobias.gondrom@gondrom.org> Tue, 14 August 2012 09:55 UTC
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 449AB21F861E for <websec@ietfa.amsl.com>; Tue, 14 Aug 2012 02:55:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -97.04
X-Spam-Level:
X-Spam-Status: No, score=-97.04 tagged_above=-999 required=5 tests=[AWL=-1.678, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DGM2O23S6Qcj for <websec@ietfa.amsl.com>; Tue, 14 Aug 2012 02:54:59 -0700 (PDT)
Received: from lvps176-28-13-69.dedicated.hosteurope.de (lvps176-28-13-69.dedicated.hosteurope.de [176.28.13.69]) by ietfa.amsl.com (Postfix) with ESMTP id 61BD721F85F4 for <websec@ietf.org>; Tue, 14 Aug 2012 02:54:59 -0700 (PDT)
Received: (qmail 30135 invoked from network); 14 Aug 2012 11:54:57 +0200
Received: from 94-194-102-93.zone8.bethere.co.uk (HELO ?192.168.1.65?) (94.194.102.93) by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 14 Aug 2012 11:54:57 +0200
Message-ID: <502A2070.9030404@gondrom.org>
Date: Tue, 14 Aug 2012 10:54:56 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: websec@ietf.org
References: <5024352D.4040604@KingsMountain.com> <CAOuvq23dxoKyV2No55WEYePhVj+Fcab5cF65C1FsiqgtmEkXMA@mail.gmail.com> <CAC4RtVCrfqi=7CfWsWLoQyQRuvGHj4hKAWQt8Pz3zHiiD4n4Cg@mail.gmail.com> <006FEB08D9C6444AB014105C9AEB133F017A7F9331A9@il-ex01.ad.checkpoint.com>
In-Reply-To: <006FEB08D9C6444AB014105C9AEB133F017A7F9331A9@il-ex01.ad.checkpoint.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [websec] handling STS header field extendability
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Aug 2012 09:55:00 -0000
On 14/08/12 08:12, Yoav Nir wrote: > Right. > > As a reminder, the proposed resolution is as follows: > > * Do not establish a registry now > Let the first new header field specification establish it > > * A client that gets an unknown field ignores it > This means no mandatory-to-understand extensions > > At this stage, a +1 response is OK though not necessary (we got plenty of those in the room), but any disagreement should come with an explanation. <hat="individual"> +1. ;-) Ps.: and thanks to Yoav for framing the topic. > > Thanks > > Yoav > > ================================================================ > From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On Behalf Of Barry Leiba > Sent: Tuesday, August 14, 2012 7:14 AM > To: IETF WebSec WG > Subject: Re: [websec] handling STS header field extendability > > Please forgive my ignorance, but do LockCA and/or LockEV offer any > functionality that you can't already get with public key pinning as > currently specified? > > Folks, this thread has rather been hijacked. We need to have some WG input on what registration policy to recommend for a possible future STS header field registry. That's what this thread is for, and I need to see some WG discussion about it in order that Jeff may finish the document and that I may move it forward. > > Please take discussion of LockCA and LockEV to another thread. > > Thanks, > Barry > _______________________________________________ > websec mailing list > websec@ietf.org > https://www.ietf.org/mailman/listinfo/websec
- Re: [websec] handling STS header field extendabil… =JeffH
- Re: [websec] handling STS header field extendabil… Alexey Melnikov
- [websec] handling STS header field extendability =JeffH
- Re: [websec] handling STS header field extendabil… Chris Palmer
- Re: [websec] handling STS header field extendabil… Tom Ritter
- Re: [websec] handling STS header field extendabil… Hill, Brad
- Re: [websec] handling STS header field extendabil… Collin Jackson
- Re: [websec] handling STS header field extendabil… Paul Hoffman
- Re: [websec] handling STS header field extendabil… Collin Jackson
- Re: [websec] handling STS header field extendabil… Paul Hoffman
- Re: [websec] handling STS header field extendabil… Hill, Brad
- Re: [websec] handling STS header field extendabil… Chris Palmer
- Re: [websec] handling STS header field extendabil… Paul Hoffman
- Re: [websec] handling STS header field extendabil… Hill, Brad
- Re: [websec] handling STS header field extendabil… Hill, Brad
- Re: [websec] handling STS header field extendabil… Paul Hoffman
- Re: [websec] handling STS header field extendabil… Tobias Gondrom
- Re: [websec] handling STS header field extendabil… Collin Jackson
- Re: [websec] handling STS header field extendabil… Barry Leiba
- Re: [websec] handling STS header field extendabil… Yoav Nir
- Re: [websec] handling STS header field extendabil… Tobias Gondrom
- Re: [websec] handling STS header field extendabil… =JeffH
- Re: [websec] handling STS header field extendabil… Yoav Nir
- Re: [websec] handling STS header field extendabil… Tobias Gondrom
- Re: [websec] handling STS header field extendabil… Barry Leiba
- Re: [websec] handling STS header field extendabil… =JeffH
- Re: [websec] handling STS header field extendabil… Tobias Gondrom
- Re: [websec] handling STS header field extendabil… Yoav Nir
- Re: [websec] handling STS header field extendabil… Paul Hoffman
- Re: [websec] handling STS header field extendabil… =JeffH