Re: [websec] handling STS header field extendability

Tobias Gondrom <tobias.gondrom@gondrom.org> Tue, 14 August 2012 09:55 UTC

Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 449AB21F861E for <websec@ietfa.amsl.com>; Tue, 14 Aug 2012 02:55:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -97.04
X-Spam-Level:
X-Spam-Status: No, score=-97.04 tagged_above=-999 required=5 tests=[AWL=-1.678, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DGM2O23S6Qcj for <websec@ietfa.amsl.com>; Tue, 14 Aug 2012 02:54:59 -0700 (PDT)
Received: from lvps176-28-13-69.dedicated.hosteurope.de (lvps176-28-13-69.dedicated.hosteurope.de [176.28.13.69]) by ietfa.amsl.com (Postfix) with ESMTP id 61BD721F85F4 for <websec@ietf.org>; Tue, 14 Aug 2012 02:54:59 -0700 (PDT)
Received: (qmail 30135 invoked from network); 14 Aug 2012 11:54:57 +0200
Received: from 94-194-102-93.zone8.bethere.co.uk (HELO ?192.168.1.65?) (94.194.102.93) by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 14 Aug 2012 11:54:57 +0200
Message-ID: <502A2070.9030404@gondrom.org>
Date: Tue, 14 Aug 2012 10:54:56 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: websec@ietf.org
References: <5024352D.4040604@KingsMountain.com> <CAOuvq23dxoKyV2No55WEYePhVj+Fcab5cF65C1FsiqgtmEkXMA@mail.gmail.com> <CAC4RtVCrfqi=7CfWsWLoQyQRuvGHj4hKAWQt8Pz3zHiiD4n4Cg@mail.gmail.com> <006FEB08D9C6444AB014105C9AEB133F017A7F9331A9@il-ex01.ad.checkpoint.com>
In-Reply-To: <006FEB08D9C6444AB014105C9AEB133F017A7F9331A9@il-ex01.ad.checkpoint.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [websec] handling STS header field extendability
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Aug 2012 09:55:00 -0000

On 14/08/12 08:12, Yoav Nir wrote:
> Right.
>
> As a reminder, the proposed resolution is as follows:
>
>   * Do not establish a registry now
>        Let the first new header field specification establish it
>
>   * A client that gets an unknown field ignores it
>        This means no mandatory-to-understand extensions
>
> At this stage, a +1 response is OK though not necessary (we got plenty of those in the room), but any disagreement should come with an explanation.

<hat="individual">
+1. ;-)

Ps.: and thanks to Yoav for framing the topic.

>
> Thanks
>
> Yoav
>
> ================================================================
> From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On Behalf Of Barry Leiba
> Sent: Tuesday, August 14, 2012 7:14 AM
> To: IETF WebSec WG
> Subject: Re: [websec] handling STS header field extendability
>
> Please forgive my ignorance, but do LockCA and/or LockEV offer any
> functionality that you can't already get with public key pinning as
> currently specified?
>
>   Folks, this thread has rather been hijacked.  We need to have some WG input on what registration policy to recommend for a possible future STS header field registry.  That's what this thread is for, and I need to see some WG discussion about it in order that Jeff may finish the document and that I may move it forward.
>
> Please take discussion of LockCA and LockEV to another thread.
>
> Thanks,
> Barry
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec