Re: [websec] new rev: draft-ietf-websec-strict-transport-sec-08

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 31 May 2012 14:17 UTC

Message-ID: <4FC77D89.1070508@isode.com>
Date: Thu, 31 May 2012 15:17:45 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
To: =JeffH <Jeff.Hodges@KingsMountain.com>
References: <4FB5608E.60409@KingsMountain.com>
In-Reply-To: <4FB5608E.60409@KingsMountain.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] new rev: draft-ietf-websec-strict-transport-sec-08

Most of my issues were addressed in the latest version, except for this one:

 > 6.1.  Strict-Transport-Security HTTP Response Header Field
 >
 > 4.  UAs MUST ignore any STS header fields containing directives, or
 >      other header field value data, that does not conform to the
 >      syntax defined in this specification.

So this is saying that syntactically invalid STS header fields are
to be ignored. This still doesn't say if unrecognized directives are to
be ignored or not. (Because they can comply with the generic syntax for
directives, so they would be syntactically valid, albeit unrecognized).
So can you please add an explicit sentence about that?
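The distinction raised above (a header field that is syntactically invalid versus one that is well-formed but carries a directive the user agent does not know) is easiest to see in a small parser. The following is an added example, not code from the draft, from the mailing list, or from any user agent. It implements the resolution that the published RFC 6797 adopted in section 6.1 (item 5): an unrecognized directive is ignored on its own while the recognized directives are still processed, whereas a syntax error or a repeated directive causes the whole STS header field to be ignored. Treating a missing or non-numeric max-age as grounds for ignoring the header, the token and quoted-string patterns, the set of recognized directive names, and the sample header values are all this example's own assumptions and constructed inputs.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Simplified token / quoted-string character classes (assumption: ASCII-only,
# following the usual HTTP header grammar for tokens and quoted strings).
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
# directive = directive-name [ "=" directive-value ], with surrounding whitespace tolerated
_DIRECTIVE = re.compile(rf"^\s*({_TOKEN})(?:=({_TOKEN}|{_QUOTED}))?\s*$")

# Directives this (hypothetical) user agent recognizes; names are case-insensitive.
_KNOWN = {"max-age", "includesubdomains"}


@dataclass
class StsPolicy:
    max_age: int
    include_subdomains: bool = False
    ignored_directives: List[str] = field(default_factory=list)  # well-formed but unknown


def _split_directives(value: str) -> List[str]:
    """Split the header value on ';' separators that are outside quoted-strings."""
    parts, buf, in_quote, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\" and in_quote:
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return parts


def _unquote(v: str) -> str:
    """Remove quoted-string delimiters and backslash escapes, if present."""
    if v.startswith('"'):
        return re.sub(r"\\(.)", r"\1", v[1:-1])
    return v


def parse_sts(value: str) -> Optional[StsPolicy]:
    """Parse a Strict-Transport-Security header field value.

    Returns None when the whole header field must be ignored (syntax error,
    duplicate directive, or unusable max-age); otherwise returns the policy
    with unrecognized directive names recorded rather than rejected.
    """
    seen: Dict[str, Optional[str]] = {}
    ignored: List[str] = []
    for raw in _split_directives(value):
        if raw.strip() == "":
            continue  # the grammar permits empty directive slots, e.g. "max-age=5;;"
        m = _DIRECTIVE.match(raw)
        if m is None:
            return None  # rule 4: directive does not conform to the syntax, ignore header
        name = m.group(1).lower()
        if name in seen:
            return None  # rule 2: each directive may appear only once
        seen[name] = m.group(2)
        if name not in _KNOWN:
            ignored.append(name)  # rule 5: unknown but well-formed, skip just this directive
    # Assumption: max-age is REQUIRED, so its absence means the header is unusable.
    max_age = seen.get("max-age")
    if max_age is None:
        return None
    max_age = _unquote(max_age)
    if re.fullmatch(r"[0-9]+", max_age) is None:
        return None  # delta-seconds must be 1*DIGIT
    return StsPolicy(int(max_age), "includesubdomains" in seen, ignored)


if __name__ == "__main__":
    # Constructed sample header values for demonstration.
    for hdr in ["max-age=31536000; includeSubDomains",
                "max-age=31536000; preload",      # 'preload' is not recognized here
                "max-age=0; max-age=1",           # duplicate: header ignored
                "max-age=100; =oops"]:            # syntax error: header ignored
        print(f"{hdr!r:45} -> {parse_sts(hdr)}")
```

Running the block shows the two outcomes side by side: the header with the unknown `preload` directive still yields a policy (with the unknown name listed), while the duplicated and malformed headers yield `None`, which is the "ignore the whole header field" behaviour of item 4.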