Re: [websec] AppsDir review of draft-ietf-websec-strict-transport-sec

"Murray S. Kucherawy" <msk@cloudmark.com> Tue, 01 May 2012 13:44 UTC

> -----Original Message-----
> From: Julian Reschke [mailto:julian.reschke@gmx.de]
> Sent: Tuesday, May 01, 2012 1:11 AM
> To: Murray S. Kucherawy
> Cc: apps-discuss@ietf.org; websec@ietf.org; draft-ietf-websec-strict-transport-sec@tools.ietf.org
> Subject: Re: [websec] AppsDir review of draft-ietf-websec-strict-transport-sec
> 
> > Why not just say "delta-seconds is defined in Section 3.3.2 of
> > [RFC2616]" and leave out the restatement of the ABNF?  Then it's truly
> > only specified in one place.
> 
> That's *exactly* what the prose ABNF rule is doing; except that it
> makes the in-spec ABNF complete.

Yes, and I'm saying I think that's a risky thing to do.  Granted, in this particular case it's pretty hard to copy and get wrong, but in general it's safer to point to an authoritative definition of something rather than copy it just so it's all local.

-MSK