Re: [websec] RFC 6797 on HTTP Strict Transport Security (HSTS)

2012-11-19 Thread Peter Saint-Andre
On 11/19/12 4:40 PM, rfc-edi...@rfc-editor.org wrote: A new Request for Comments is now available in online RFC libraries. RFC 6797 Title: HTTP Strict Transport Security (HSTS) Author: J. Hodges, C. Jackson, A. Barth It's

Re: [websec] WGLC for X-Frame-Options

2012-11-14 Thread Peter Saint-Andre
in RFC 6648, thus you might not want to include the first clause of the second sentence above] IANA Considerations Does this header really belong in the permanent registry, given that there are already plans to deprecate it? Peter -- Peter Saint-Andre https://stpeter.im/

Re: [websec] closing open issue tickets ?

2012-07-03 Thread Peter Saint-Andre
. shall I close these open tickets? Having reviewed -10 (including checking it against the tickets), I would say yes. Peter -- Peter Saint-Andre https://stpeter.im/ ___ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec

Re: [websec] This site is testing HSTS directive (was Issue #41 add parameter indicating whether to hardfail or not)

2012-07-03 Thread Peter Saint-Andre
it seems that an implementation note would be warranted. I tend to agree with Jeff that if people feel a strong need for this, they can do so in a separate I-D (I don't particularly see a need for it to go into the core spec, but I might be missing something). Peter -- Peter Saint-Andre https

Re: [websec] Review of draft-ietf-websec-strict-transport-sec-06.txt

2012-05-04 Thread Peter Saint-Andre
On 5/4/12 2:47 AM, Alexey Melnikov wrote: On 3 May 2012, at 20:40, Peter Saint-Andre stpe...@stpeter.im wrote: On 5/2/12 1:45 PM, =JeffH wrote: 13. Internationalized Domain Names for Applications (IDNA): Dependency and Migration IDNA2008 obsoletes IDNA2003

Re: [websec] Review of draft-ietf-websec-strict-transport-sec-06.txt

2012-05-03 Thread Peter Saint-Andre
that Jeff produced is about the best we're going to do right now. Peter -- Peter Saint-Andre https://stpeter.im/

[websec] preparing for Paris

2012-01-17 Thread Peter Saint-Andre
Just a friendly reminder that WG sessions for IETF 83 need to be scheduled less than 2 weeks from now: http://www.ietf.org/meeting/cutoff-dates-2012.html#IETF83 Peter -- Peter Saint-Andre http://stpeter.im/

Re: [websec] X-Requested-With header field

2011-12-13 Thread Peter Saint-Andre
On 12/13/11 3:24 AM, Julian Reschke wrote: it seems this header field is widely implemented. Is it here to stay? If so, shouldn't it be documented somewhere? +1, even if it does start with that ugly X- string. :)

Re: [websec] mimesniff feedback, part 2

2011-11-29 Thread Peter Saint-Andre
for the _initial_ contents of the registry, but updates and additions could be managed through whatever registration process we decided on, without having to update the document or algorithm itself. Makes sense to me (as an individual). Peter -- Peter Saint-Andre https://stpeter.im

[websec] W3C Web Cryptography Working Group Charter

2011-11-26 Thread Peter Saint-Andre
Of interest to apps and security folks at the IETF... http://www.w3.org/2011/11/webcryptography-charter.html Provide comments on the public-ident...@w3.org list (subscribe by emailing public-identity-requ...@w3.org with subject subscribe). Peter -- Peter Saint-Andre https://stpeter.im

Re: [websec] font sniffing

2011-11-09 Thread Peter Saint-Andre
exactly what typographic entities are being sent around by browsers and other applications. Peter -- Peter Saint-Andre https://stpeter.im/

Re: [websec] Comments on draft-abarth-principles-of-origin-00, was: Reviews of draft-ietf-websec-origin and principles-of-origin until end of May

2011-06-17 Thread Peter Saint-Andre
tonight or tomorrow), I'll upload a new draft. Thanks, Adam. Once the new version is posted I'll do a review. I think this is a normative reference from the WebSocket spec, so that might encourage more folks to provide reviews... Peter -- Peter Saint-Andre https://stpeter.im/