Re: [websec] [Gen-art] Gen-ART LC Review of draft-ietf-websec-strict-transport-sec-11
Ben Campbell <ben@estacado.net> Fri, 10 August 2012 21:58 UTC
Return-Path: <ben@estacado.net>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E60221F865E; Fri, 10 Aug 2012 14:58:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v1bz59dq3Dy9; Fri, 10 Aug 2012 14:58:37 -0700 (PDT)
Received: from estacado.net (vicuna.estacado.net [4.30.77.35]) by ietfa.amsl.com (Postfix) with ESMTP id 69D6221F865C; Fri, 10 Aug 2012 14:58:36 -0700 (PDT)
Received: from [10.12.11.64] ([10.12.11.64]) (authenticated bits=0) by estacado.net (8.14.3/8.14.3) with ESMTP id q7ALttiU010516 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 10 Aug 2012 16:55:55 -0500 (CDT) (envelope-from ben@estacado.net)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.0 \(1485\))
From: Ben Campbell <ben@estacado.net>
In-Reply-To: <50257E43.8010005@KingsMountain.com>
Date: Fri, 10 Aug 2012 16:55:47 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <570BD336-2C91-4C7E-AC03-9FD5423AEB35@estacado.net>
References: <50257E43.8010005@KingsMountain.com>
To: =JeffH <Jeff.Hodges@kingsmountain.com>
X-Mailer: Apple Mail (2.1485)
X-Mailman-Approved-At: Fri, 10 Aug 2012 16:43:00 -0700
Cc: Ben Campbell <ben@nostrum.com>, IETF Discussion List <ietf@ietf.org>, General Area Review Team <gen-art@ietf.org>, IETF WebSec WG <websec@ietf.org>, draft-ietf-websec-strict-transport-sec.all@tools.ietf.org
Subject: Re: [websec] [Gen-art] Gen-ART LC Review of draft-ietf-websec-strict-transport-sec-11
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Aug 2012 21:58:38 -0000
On Aug 10, 2012, at 4:33 PM, =JeffH <Jeff.Hodges@kingsmountain.com> wrote: > Thanks Ben. > > > Jeff and I had a f2f discussion about this point in Vancouver. To paraphrase > > (and I assume he will correct me if if I mischaracterize anything), Jeff > > indicated that this really wasn't a MUST level requirement due to the > > variation and vagaries in application behavior and abilities. > > Yes, see the NOTE in section 7.2. > > > Rather, it's > > more of a "do the best you can" sort of thing. Specifically, he indicated > > that an implementation that chose to go ahead and serve unprotected content > > due to the listed caveats on redirecting to HTTPS would necessarily be > > out-of-compliance. > > I presume you actually mean "not necessarily", which would then be correct, unless I'm misunderstanding something. Oops, you are correct, that's a typo. > > > > If the requirement really that you SHOULD NOT (rather than MUST NOT) serve > > unprotected content, then I think the original language is okay. > > agreed. > > thanks, > > =JeffH > > > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www.ietf.org/mailman/listinfo/gen-art
- Re: [websec] Gen-ART LC Review of draft-ietf-webs… =JeffH
- Re: [websec] Gen-ART LC Review of draft-ietf-webs… Yoav Nir
- Re: [websec] Gen-ART LC Review of draft-ietf-webs… Ben Campbell
- Re: [websec] Gen-ART LC Review of draft-ietf-webs… Ben Campbell
- Re: [websec] Gen-ART LC Review of draft-ietf-webs… Alexey Melnikov
- Re: [websec] Gen-ART LC Review of draft-ietf-webs… Tobias Gondrom
- Re: [websec] [Gen-art] Gen-ART LC Review of draft… Ben Campbell
- Re: [websec] Gen-ART LC Review of draft-ietf-webs… =JeffH
- Re: [websec] [Gen-art] Gen-ART LC Review of draft… Ben Campbell
- Re: [websec] Gen-ART LC Review of draft-ietf-webs… =JeffH