IETF Logo Mail Archive

Re: [websec] New draft of HTTP header-based public key pinning

Yoav Nir <ynir@checkpoint.com> Wed, 09 November 2011 07:14 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E6FD11E80B7 for <websec@ietfa.amsl.com>; Tue, 8 Nov 2011 23:14:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.329
X-Spam-Level:
X-Spam-Status: No, score=-10.329 tagged_above=-999 required=5 tests=[AWL=0.270, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1IB+cXSJ2Zw2 for <websec@ietfa.amsl.com>; Tue, 8 Nov 2011 23:14:41 -0800 (PST)
Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 8425011E80A6 for <websec@ietf.org>; Tue, 8 Nov 2011 23:14:38 -0800 (PST)
X-CheckPoint: {4EBA27EA-10002-1B221DC2-FFFF}
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id pA97EZxg027971; Wed, 9 Nov 2011 09:14:35 +0200
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Wed, 9 Nov 2011 09:14:35 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: Chris Palmer <palmer@google.com>, IETF WebSec WG <websec@ietf.org>, Chris Evans <cevans@google.com>
Date: Wed, 09 Nov 2011 09:09:51 +0200
Thread-Topic: [websec] New draft of HTTP header-based public key pinning
Thread-Index: AcyerzuuuvQwjO/0SpGPTGyha6W0Tw==
Message-ID: <CADFF326.90C1%ynir@checkpoint.com>
In-Reply-To: <CAOuvq21Ne0CWT3Dzn0sutGDBg0K+efZhxmqBZiLuxbO2OwxnFg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.13.0.110805
acceptlanguage: en-US
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Ian Fette <ifette@google.com>, Wan-Teh Chang <wtc@google.com>
Subject: Re: [websec] New draft of HTTP header-based public key pinning
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 07:14:41 -0000

On 11/9/11 1:57 AM, "Chris Palmer" <palmer@google.com> wrote:

>Hi all,
>
>I tried to get this in by the deadline last week, but I had formatting
>errors at the last minute (the draft name had changed to reflect its
>non-HSTS nature, so the submission form rejected my version of -01!
>Sigh), and then it cuts you off at 5:00 PST. Ah well. I've attached
>the .txt form of the latest draft, and Ian Fette and Wan-Teh Chang
>will be with you in Taipei. Only Ian has officially signed on to
>represent this proposal at the meeting, though.

Hi Chris.

In case you don't know, the embargo on submitting drafts is lifted when
IETF week starts, so that's next Monday, plenty of time before the meeting
on Wednesday.

I don't really understand the logic of this, but you can.

Yoav

v2.23.0 | Report a Bug | By Email