Re: [websec] handling STS header field extendability

Tobias Gondrom <tobias.gondrom@gondrom.org> Mon, 27 August 2012 20:18 UTC

Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF89C21F8510 for <websec@ietfa.amsl.com>; Mon, 27 Aug 2012 13:18:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.444
X-Spam-Level:
X-Spam-Status: No, score=-96.444 tagged_above=-999 required=5 tests=[AWL=-1.082, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RtkFGRr+i09l for <websec@ietfa.amsl.com>; Mon, 27 Aug 2012 13:18:35 -0700 (PDT)
Received: from lvps176-28-13-69.dedicated.hosteurope.de (lvps176-28-13-69.dedicated.hosteurope.de [176.28.13.69]) by ietfa.amsl.com (Postfix) with ESMTP id 8DE7B21F84FA for <websec@ietf.org>; Mon, 27 Aug 2012 13:18:34 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=QuXSU2gNhENsmHXzgfqBmJHwPQPWsYx06dkKkEoJSM18WZME5I6EtiXWmEpAzBVsYE5bp+8TQs2ddKDskeA5WCjIDd4gJETpmThs9l+DvQRYZuH06dxTCWOPvMs2T+Ts; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
Received: (qmail 3708 invoked from network); 27 Aug 2012 22:18:31 +0200
Received: from 94-194-102-93.zone8.bethere.co.uk (HELO ?192.168.1.65?) (94.194.102.93) by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 27 Aug 2012 22:18:31 +0200
Message-ID: <503BD617.3000607@gondrom.org>
Date: Mon, 27 Aug 2012 21:18:31 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: websec@ietf.org
References: <503279FA.5070304@KingsMountain.com> <503BD234.5030509@KingsMountain.com>
In-Reply-To: <503BD234.5030509@KingsMountain.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [websec] handling STS header field extendability
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Aug 2012 20:18:35 -0000

Hello dear websec fellows,

<hat="WG chair">
we have so far only very few comments regarding this. If you feel 
strongly either way, please say so ASAP, within the next 5 days (until 
Sep-1), otherwise we will have to go with the few comments we received 
to judge consensus based on them.

Thank you, Tobias


On 27/08/12 21:01, =JeffH wrote:
> On 08/20/2012 10:55 AM, =JeffH wrote:> Thanks for the clarification 
> Barry. Yes, this question is in response to Ben
> > Campbell's review comment (which I was going to note, but you took 
> care of it :)
> >
> >  > "We need to decide on an IANA policy *or* explicitly decide that we
> >  > don't want to choose that now, and leave it to whoever creates the
> >  > registry later."
> >
> > yes, that's a more accurate statement of the decision.
> >
> > Either way is fine by me.
>
> Do we have a decision on this as yet?
>
> thanks,
>
> =JeffH
>
>
>
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec