On 14 May 2018 at 08:59, Tobias Gondrom wrote:
> I agree. Preload is probably the easiest way to go.
> And the use case of transfer of domain ownership can not be ignored.
>
> Not sure whether preload really needs further standardization, after all
> there are only a few browser implementations ou
On Tue, May 15, 2018 at 10:50 AM, Tobias Gondrom
wrote:
> Do you think we need for this an individual RFC or would there be any simpler
> way we could achieve this?
You need an RFC that updates the existing RFC as there's no other
extension path provided.
--
https://annevankesteren.nl/
_
-Original Message-
From: Anne van Kesteren
Sent: Monday, May 14, 2018 6:32 PM
To: Tobias Gondrom
Cc: Yoav Nir ; Robert Linder
; websec
Subject: Re: [websec] Regarding RFC 6797
>On Mon, May 14, 2018 at 5:59 PM, Tobias Gondrom
>wrote:
>> I agree. Preload is probably the
On Mon, May 14, 2018 at 5:59 PM, Tobias Gondrom
wrote:
> I agree. Preload is probably the easiest way to go.
> And the use case of transfer of domain ownership can not be ignored.
>
> Not sure whether preload really needs further standardization, after all
> there are only a few browser implementa
] Regarding RFC 6797
On Mon, May 7, 2018 at 9:54 PM, Yoav Nir wrote:
> Immutable meaning that the HSTS header is permanent and can never be
> removed? So if a user agent has seen an immutable HSTS header once,
> that site has to be (valid) HTTPS-only forever?
>
> Interesting idea.
FWIW,
On Tue, May 8, 2018 at 3:47 AM, Anne van Kesteren wrote:
> On Mon, May 7, 2018 at 9:54 PM, Yoav Nir wrote:
> > Immutable meaning that the HSTS header is permanent and can never be
> > removed? So if a user agent has seen an immutable HSTS header once, that
> > site has to be (valid) HTTPS-only
On Mon, May 7, 2018 at 9:54 PM, Yoav Nir wrote:
> Immutable meaning that the HSTS header is permanent and can never be
> removed? So if a user agent has seen an immutable HSTS header once, that
> site has to be (valid) HTTPS-only forever?
>
> Interesting idea.
FWIW, if anything, it should be abo
> On 4 May 2018, at 23:11, Robert Linder wrote:
>
> Hi,
>
> I would like to propose the addition of the ”immutable” directive (similar to
> that of RFC 8246) for the HSTS header field (RFC 6797).
Immutable meaning that the HSTS header is permanent and can never be removed?
So if a user age
Hi,
I would like to propose the addition of the ”immutable” directive (similar to
that of RFC 8246) for the HSTS header field (RFC 6797).
Best Regards,
Robert Linder
___
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec