Re: [websec] DISCUSS positions on draft-ietf-websec-key-pinning

Ryan Sleevi <sleevi@google.com> Thu, 14 August 2014 16:20 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/websec/mM_Mr1N12rJZc_RxJ1ukryefljc
Cc: draft-ietf-websec-key-pinning.all@tools.ietf.org, "<websec@ietf.org>" <websec@ietf.org>, The IESG <iesg@ietf.org>

On Aug 14, 2014 8:47 AM, "Barry Leiba" <barryleiba@computer.org> wrote:
>
> Websec folks, and especially the document authors:
> We have several DISCUSS ballots on the key-pinning doc (from Stephen,
> Kathleen, and Ted):
>
>    http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/ballot/
>
> ...and I have seen no response from the authors on them.

Hi Barry.

It sounds like you're looking for an acknowledgement of the messages. Just
to confirm, we have received this feedback, and are taking time to ensure
the replies are as considered and thoughtful as the DISCUSS points,
especially as many of these points were discussed early on and thought
addressed by the draft already.

In addition to these points, the feedback/recent errata from Eric Lawrence
regarding HSTS is also extremely relevant to the discussion of HPKP, and we
were waiting to see what actions, if any, the WG takes regarding that
draft, lest we find ourselves immediately writing a bis to deal with those
same points.

> Please
> respond soonest, and have the necessary discussions to resolve them.
> Please also consider and respond to the non-blocking comments from
> Alissa, Pete, and Richard.
>
> Yoav, please stay on top of this and do the necessary prodding to keep
> this moving.
>
> Thanks,
> Barry