Re: [websec] [Technical Errata Reported] RFC6797 (4075)

Barry Leiba <barryleiba@computer.org> Sun, 10 August 2014 15:02 UTC

Date: Sun, 10 Aug 2014 11:02:02 -0400
Message-ID: <CALaySJLvC5fTvOg=73689z=B4Fv1jT=61GOMeJgOcmmuUErPow@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/psvkY2bMB8jQ6-UlpGhLAbhAC1U
Cc: Eric Lawrence <e_lawrence@hotmail.com>, Jeff Hodges <Jeff.Hodges@paypal.com>, Pete Resnick <presnick@qti.qualcomm.com>, "websec@ietf.org" <websec@ietf.org>, Collin Jackson <collin.jackson@sv.cmu.edu>
Subject: Re: [websec] [Technical Errata Reported] RFC6797 (4075)

>> I agree, this is an "update" and not an "errata".
>>
>> However, am not sure how to best retain this information:
>> Because this is a good point for a best practice.
>> And be it only in advising the best practice when using HSTS, like
>> simply including one link to the parent https://example.com to avoid
>> having unprotected parent-domains.
>
> Well, if we could talk Eric into writing a draft...
...
> So we get an Informational draft called "best practices in using HSTS". 2
> pages long unless we rathole and add lots of stuff.

That absolutely seems the best approach, and have it "update" 6797.  I
would love it if Eric would be a co-author, and I think we can keep
the working group going long enough to do this.

To Tobias's more general question of where we keep track of these
sorts of things when we don't have a working group to pick it up and
go with it:  Yes, that's something we've been discussing.  If we have
a former working group to work from, there's a wiki on tools.ietf.org
(websec's is at <http://trac.tools.ietf.org/wg/websec/trac/wiki>, and
it's entirely unused, but some working groups do use theirs).  I've
been suggesting that we make a habit of keeping updates, change
requests, follow-on notes, and other non-errata things there, on the
appropriate current or former WG wiki.  If there's no obvious WG, we
can use the appsawg wiki at
<http://trac.tools.ietf.org/wg/appsawg/trac/wiki> for App Area stuff.
The only bad thing about that is that there's no pointer from the RFC
to the appropriate wiki, and we've talked about establishing some sort
of per-RFC wiki also, or maybe just a per-RFC pointer to a wiki.

Barry