[websec] Issue 52 - Key pinning draft should clarify max-age as required
"Ryan Sleevi" <ryan-ietfhasmat@sleevi.com> Tue, 05 March 2013 00:56 UTC
Return-Path: <ryan-ietfhasmat@sleevi.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C1A121F88AC for <websec@ietfa.amsl.com>; Mon, 4 Mar 2013 16:56:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.74
X-Spam-Level:
X-Spam-Status: No, score=-0.74 tagged_above=-999 required=5 tests=[BAYES_20=-0.74]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SG8B0q+Fab+Y for <websec@ietfa.amsl.com>; Mon, 4 Mar 2013 16:56:25 -0800 (PST)
Received: from homiemail-a71.g.dreamhost.com (caiajhbdcagg.dreamhost.com [208.97.132.66]) by ietfa.amsl.com (Postfix) with ESMTP id EE40821F8891 for <websec@ietf.org>; Mon, 4 Mar 2013 16:56:24 -0800 (PST)
Received: from homiemail-a71.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a71.g.dreamhost.com (Postfix) with ESMTP id A0033428075 for <websec@ietf.org>; Mon, 4 Mar 2013 16:56:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sleevi.com; h=message-id :date:subject:from:to:reply-to:mime-version:content-type: content-transfer-encoding; s=sleevi.com; bh=SOh1EgdCg1Kn13lV8mo+ OrXk0DY=; b=tP9aszglkVLFfJdOwIUf4/2MGZzM20TskLEpnVYDVPtcIq3wqUa3 ANiQRHZw49ZYQ70Jmlux6XzZn6JJctmIRivFOpKVIj3L+J3pPCUpONVrOcQpW0vB 39V8vrvSdWyL4CFYnP7wXl4VQF+uSCCpc4Xm4BlKokFflma3rv3drwc=
Received: from webmail.dreamhost.com (caiajhbihbdd.dreamhost.com [208.97.187.133]) (Authenticated sender: ryan@sleevi.com) by homiemail-a71.g.dreamhost.com (Postfix) with ESMTPA id 8308242806E for <websec@ietf.org>; Mon, 4 Mar 2013 16:56:24 -0800 (PST)
Received: from 216.239.45.93 (proxying for 216.239.45.93) (SquirrelMail authenticated user ryan@sleevi.com) by webmail.dreamhost.com with HTTP; Mon, 4 Mar 2013 16:56:24 -0800
Message-ID: <d7f19a6748738de27ee5080bc81b1b75.squirrel@webmail.dreamhost.com>
Date: Mon, 04 Mar 2013 16:56:24 -0800
From: Ryan Sleevi <ryan-ietfhasmat@sleevi.com>
To: websec@ietf.org
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: [websec] Issue 52 - Key pinning draft should clarify max-age as required
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ryan-ietfhasmat@sleevi.com
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2013 00:56:25 -0000
This was one of the outstanding issues from draft-03, raised in http://trac.tools.ietf.org/wg/websec/trac/ticket/52 The Chrises and I believe this has been addressed sufficiently in draft-04, through the clarifications in http://tools.ietf.org/html/draft-ietf-websec-key-pinning-04#section-2.1.1 and http://tools.ietf.org/html/draft-ietf-websec-key-pinning-04#section-2.3.1 Are there any objections to closing this out?