[websec] Last Call: <draft-ietf-websec-strict-transport-sec-11.txt> (HTTP Strict Transport Security (HSTS)) to Proposed Standard

The IESG <iesg-secretary@ietf.org> Wed, 11 July 2012 15:09 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 72AC321F8714; Wed, 11 Jul 2012 08:09:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.525
X-Spam-Status: No, score=-102.525 tagged_above=-999 required=5 tests=[AWL=0.074, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id xKoK8kETwbRi; Wed, 11 Jul 2012 08:09:08 -0700 (PDT)
Received: from ietfa.amsl.com (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id BE25521F870E; Wed, 11 Jul 2012 08:09:08 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p3
Message-ID: <20120711150908.6635.16188.idtracker@ietfa.amsl.com>
Date: Wed, 11 Jul 2012 08:09:08 -0700
Cc: websec@ietf.org
Subject: [websec] Last Call: <draft-ietf-websec-strict-transport-sec-11.txt> (HTTP Strict Transport Security (HSTS)) to Proposed Standard
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 15:09:09 -0000

The IESG has received a request from the Web Security WG (websec) to
consider the following document:
- 'HTTP Strict Transport Security (HSTS)'
  <draft-ietf-websec-strict-transport-sec-11.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-07-25. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.


   This specification defines a mechanism enabling web sites to declare
   themselves accessible only via secure connections, and/or for users
   to be able to direct their user agent(s) to interact with given sites
   only over secure connections.  This overall policy is referred to as
   HTTP Strict Transport Security (HSTS).  The policy is declared by web
   sites via the Strict-Transport-Security HTTP response header field,
   and/or by other means, such as user agent configuration, for example.

The file can be obtained via

IESG discussion can be tracked via

This Proposed Standard has downrefs to the following Informational RFCs:
   RFC 2818, HTTP Over TLS
   RFC 5895, Mapping Characters for IDNA
...and a normative reference to the following obsolete RFC, which is cited alongside its replacement:
   RFC 3490, Internationalizing Domain Names in Applications

No IPR declarations have been submitted directly on this I-D.