Re: [websec] New draft of HTTP header-based public key pinning
Yoav Nir <ynir@checkpoint.com> Wed, 09 November 2011 07:14 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E6FD11E80B7 for <websec@ietfa.amsl.com>; Tue, 8 Nov 2011 23:14:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.329
X-Spam-Level:
X-Spam-Status: No, score=-10.329 tagged_above=-999 required=5 tests=[AWL=0.270, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1IB+cXSJ2Zw2 for <websec@ietfa.amsl.com>; Tue, 8 Nov 2011 23:14:41 -0800 (PST)
Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 8425011E80A6 for <websec@ietf.org>; Tue, 8 Nov 2011 23:14:38 -0800 (PST)
X-CheckPoint: {4EBA27EA-10002-1B221DC2-FFFF}
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id pA97EZxg027971; Wed, 9 Nov 2011 09:14:35 +0200
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Wed, 9 Nov 2011 09:14:35 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: Chris Palmer <palmer@google.com>, IETF WebSec WG <websec@ietf.org>, Chris Evans <cevans@google.com>
Date: Wed, 09 Nov 2011 09:09:51 +0200
Thread-Topic: [websec] New draft of HTTP header-based public key pinning
Thread-Index: AcyerzuuuvQwjO/0SpGPTGyha6W0Tw==
Message-ID: <CADFF326.90C1%ynir@checkpoint.com>
In-Reply-To: <CAOuvq21Ne0CWT3Dzn0sutGDBg0K+efZhxmqBZiLuxbO2OwxnFg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.13.0.110805
acceptlanguage: en-US
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Ian Fette <ifette@google.com>, Wan-Teh Chang <wtc@google.com>
Subject: Re: [websec] New draft of HTTP header-based public key pinning
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 07:14:41 -0000
On 11/9/11 1:57 AM, "Chris Palmer" <palmer@google.com> wrote: >Hi all, > >I tried to get this in by the deadline last week, but I had formatting >errors at the last minute (the draft name had changed to reflect its >non-HSTS nature, so the submission form rejected my version of -01! >Sigh), and then it cuts you off at 5:00 PST. Ah well. I've attached >the .txt form of the latest draft, and Ian Fette and Wan-Teh Chang >will be with you in Taipei. Only Ian has officially signed on to >represent this proposal at the meeting, though. Hi Chris. In case you don't know, the embargo on submitting drafts is lifted when IETF week starts, so that's next Monday, plenty of time before the meeting on Wednesday. I don't really understand the logic of this, but you can. Yoav
- [websec] New draft of HTTP header-based public ke… Chris Palmer
- Re: [websec] New draft of HTTP header-based publi… Tom Ritter
- Re: [websec] New draft of HTTP header-based publi… Chris Palmer
- Re: [websec] New draft of HTTP header-based publi… Steingruebl, Andy
- Re: [websec] New draft of HTTP header-based publi… Chris Evans
- Re: [websec] New draft of HTTP header-based publi… Yoav Nir
- Re: [websec] New draft of HTTP header-based publi… Julian Reschke
- Re: [websec] New draft of HTTP header-based publi… Adam Barth
- Re: [websec] New draft of HTTP header-based publi… Steingruebl, Andy
- Re: [websec] New draft of HTTP header-based publi… Adam Barth
- Re: [websec] New draft of HTTP header-based publi… Paul Hoffman
- Re: [websec] New draft of HTTP header-based publi… Adam Barth
- Re: [websec] New draft of HTTP header-based publi… Chris Palmer
- Re: [websec] New draft of HTTP header-based publi… Julian Reschke
- Re: [websec] New draft of HTTP header-based publi… Chris Palmer
- Re: [websec] New draft of HTTP header-based publi… Julian Reschke
- Re: [websec] New draft of HTTP header-based publi… Chris Palmer
- Re: [websec] New draft of HTTP header-based publi… Ryan Sleevi
- Re: [websec] New draft of HTTP header-based publi… Chris Palmer