Re: [websec] new rev: draft-ietf-websec-strict-transport-sec-13
Tobias Gondrom <tobias.gondrom@gondrom.org> Mon, 24 September 2012 11:44 UTC
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF0FC21F8617 for <websec@ietfa.amsl.com>; Mon, 24 Sep 2012 04:44:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -94.062
X-Spam-Level:
X-Spam-Status: No, score=-94.062 tagged_above=-999 required=5 tests=[AWL=1.299, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ANR0LgkUQEay for <websec@ietfa.amsl.com>; Mon, 24 Sep 2012 04:44:33 -0700 (PDT)
Received: from lvps176-28-13-69.dedicated.hosteurope.de (lvps176-28-13-69.dedicated.hosteurope.de [176.28.13.69]) by ietfa.amsl.com (Postfix) with ESMTP id 92FA621F85C3 for <websec@ietf.org>; Mon, 24 Sep 2012 04:44:32 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=fJS7MHxOoWYlRZ/+Dws34s6PCtGBTgbeQqZ51x9SRAMtcaosoDYLf4yjYrUKSrgZLGKiJ5k4fOUM0VysR2Fev2xIk/vJwsKON/tD1dZpWhC1anVw735DGAGtwW6euJ8T; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type;
Received: (qmail 9265 invoked from network); 24 Sep 2012 13:44:30 +0200
Received: from n2028211917.imsbiz.com (HELO ?10.65.1.33?) (202.82.119.17) by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 24 Sep 2012 13:44:29 +0200
Message-ID: <5060479A.2010604@gondrom.org>
Date: Mon, 24 Sep 2012 19:44:26 +0800
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120827 Thunderbird/15.0
MIME-Version: 1.0
To: websec@ietf.org
References: <5053C477.6010607@KingsMountain.com>
In-Reply-To: <5053C477.6010607@KingsMountain.com>
Content-Type: multipart/alternative; boundary="------------080609050206080105070307"
Cc: barryleiba@computer.org
Subject: Re: [websec] new rev: draft-ietf-websec-strict-transport-sec-13
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Sep 2012 11:44:34 -0000
Hello Jeff and websec fellows, <hat="WG chair"> and <hat="document shepherd"> thanks a lot for the latest version and to my understanding it indeed closes all open issues. For all fyi: Please note that the update in section 6.1 item 5. declares that future registries will be using IETF review for creation/defining. "Additional directives extending the semantic functionality of the STS header field can be defined in other specifications, with a registry (having an IANA policy definition of IETF Review [RFC5226]) defined for them at such time." There has been some discussion on this, but to my understanding no major conflicts have been raised with the proposed approach. <taking all hats off> Best regards and see you soon in Atlanta, Tobias On 15/09/12 07:57, =JeffH wrote: > New rev: > https://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-13 > > please see change log excerpt included below for details. AFAIK this > is ready for submission to IESG and IETF-wide Last Call. > > > full issue ticket list for strict-transport-sec: > <http://trac.tools.ietf.org/wg/websec/trac/query?status=assigned&status=closed&status=new&status=reopened&component=strict-transport-sec&order=id> > > > Redline spec diff from previous rev: > https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-websec-strict-transport-sec-13.txt > > > side-by-side diff from previous rev: > https://tools.ietf.org/rfcdiff?url2=draft-ietf-websec-strict-transport-sec-13.txt > > > > All issue tickets are closed. > > Change Log for this rev is below. > > > =JeffH > > > ============================================================== > > Appendix D. Change Log > > [RFCEditor: please remove this section upon publication as an RFC.] > > Changes are grouped by spec revision listed in reverse issuance > order. > > D.1. For draft-ietf-websec-strict-transport-sec > > Changes from -12 to -13: > > 1. Addressed the IANA registry and IANA registry policy questions > raised in Ben Campbel's Gen-ART LC review. Selected "IETF > Review" for IANA policy. See the portion of this thread from > this message onwards for details: <https://www.ietf.org/ > mail-archive/web/websec/current/msg01355.html> > > 2. Clarified the questions regarding max-age=0 interacting with > includeSubdomains. Expanded section 5. HSTS Mechanism > Overview, Added clarification text and forward ref to S 8.1 > from S 6.1.1. Added two additional examples to S 6.2 which > contain max-age=0. See the thread rooted here for questions > that informed this: <https://www.ietf.org/mail-archive/web/ > websec/current/msg01347.html> > > 3. upgraded ref to draft-ietf-dane-protocol to be to RFC6698. > > Changes from -11 to -12: > > 1. Addressed various issues in Ben Campbel's Gen-ART LC review. > See this message for details: <https://www.ietf.org/ > mail-archive/web/websec/current/msg01324.html> > > Changes from -10 to -11: > > <snip/> > > --- > end > _______________________________________________ > websec mailing list > websec@ietf.org > https://www.ietf.org/mailman/listinfo/websec
- [websec] new rev: draft-ietf-websec-strict-transp… =JeffH
- Re: [websec] new rev: draft-ietf-websec-strict-tr… Barry Leiba
- Re: [websec] new rev: draft-ietf-websec-strict-tr… =JeffH
- Re: [websec] new rev: draft-ietf-websec-strict-tr… Tobias Gondrom
- [websec] new rev: draft-ietf-websec-strict-transp… =JeffH