Re: [websec] #37: Clarify that superdomain HSTS flag does not update max-age of subdomain's HSTS max-age and vice versa
"websec issue tracker" <trac+websec@trac.tools.ietf.org> Tue, 12 June 2012 18:24 UTC
#37: Clarify that superdomain HSTS flag does not update max-age of subdomain's HSTS max-age and vice versa

The case is the following:
A UA notes a superdomain e.g. example.com as a Known HSTS Host, with "includeSubDomains". Then after that the UA also receives a HSTS header from subdomain foo.example.com (with or without "includeSubDomains") and new max-age (longer or shorter time).

The point is in that case the HSTS timer of the superdomain (example.com) MUST NOT be changed (extended or shortened) to the timer used in the subdomain. In fact the UA MUST keep both timers in cache independently and if at some point either one of them is removed (be due to expiry or because of an update setting max-age=0), the second remaining HSTS value MUST still be kept intact and applied.

This is mainly to prevent that a subdomain can invalidate the HSTS flag of the superdomain or make it expire and vice versa.

Changes (by jeff.hodges@…):

 * status:  new => closed
 * resolution:  => fixed
 * severity:  - => In WG Last Call

Comment:

 fixed in -07

--
 Reporter:    tobias.gondrom@…
 Owner:       draft-ietf-websec-strict-transport-sec@…
 Type:        enhancement
 Status:      closed
 Priority:    major
 Milestone:
 Component:   strict-transport-sec
 Version:
 Severity:    In WG Last Call
 Resolution:  fixed
 Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/37#comment:1>
websec <http://tools.ietf.org/websec/>
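
Added example (not part of the ticket or of the draft): a minimal model of a UA's HSTS store that keeps one independent entry per host, as the ticket requires. The names HstsStore, note_header, expiry, must_use_https and demo are hypothetical, the header parsing is simplified, and the timestamps are constructed.

```python
import re

class HstsStore:
    """Hypothetical UA store: one independent entry per host that sent an STS header."""

    def __init__(self):
        self.entries = {}  # host -> (expiry_time, include_subdomains)

    def note_header(self, host, header, now):
        """Process a Strict-Transport-Security header value received from `host`."""
        m = re.search(r'max-age\s*=\s*"?(\d+)', header, re.I)
        if not m:
            return  # simplified parsing: a header without max-age is ignored
        max_age, host = int(m.group(1)), host.lower()
        if max_age == 0:
            self.entries.pop(host, None)  # removes this host's own entry only
            return
        include = any(d.strip().lower() == "includesubdomains"
                      for d in header.split(";"))
        # Only the entry of the exact host that sent the header is touched.
        self.entries[host] = (now + max_age, include)

    def expiry(self, host, now):
        """Expiry time of the host's own entry, or None if absent or expired."""
        entry = self.entries.get(host.lower())
        return entry[0] if entry and entry[0] > now else None

    def must_use_https(self, host, now):
        """True if the host's own entry, or a superdomain's includeSubDomains entry, is live."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

def demo():
    """Constructed scenario from the ticket: example.com first, then foo.example.com."""
    ua = HstsStore()
    ua.note_header("example.com", "max-age=31536000; includeSubDomains", now=0)
    ua.note_header("foo.example.com", "max-age=60", now=10)
    parent_after_child = ua.expiry("example.com", now=10)       # superdomain timer untouched
    covered_after_expiry = ua.must_use_https("foo.example.com", now=100)
    ua.note_header("foo.example.com", "max-age=0", now=200)     # subdomain clears itself
    covered_after_reset = ua.must_use_https("foo.example.com", now=200)
    ua.note_header("foo.example.com", "max-age=600", now=300)
    ua.note_header("example.com", "max-age=0", now=400)         # superdomain clears itself
    child_after_parent_reset = ua.expiry("foo.example.com", now=400)
    return (parent_after_child, covered_after_expiry,
            covered_after_reset, child_after_parent_reset)
```
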