On 2012-03-18 23:31, Tobias Gondrom wrote:
Hello dear websec fellows,
after reading the feedback, tracker entries and the updates on the HSTS
draft, the WG chairs and secretary have the impression that the draft is
in good shape and we like to ask for WG Last Call for this document:
http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-06
As we are close to the IETF meeting in Paris, this last call will be
extended to three weeks and close on April-9. Please make a last careful
review of the draft and submit comments, questions and discuss items for
this draft ASAP. You can submit them via email to the mailing-list or
make entries for HSTS in the tracker. If you perceive any major issues,
it might also make sense to raise them during our meeting in Paris on
March-26.
Kind regards and thank you,
...
I'd like to point out that I still think my concerns over the
inconsistent use of quoted-string
(<http://www.ietf.org/mail-archive/web/websec/current/msg01044.html>)
are valid and not addressed; and I think they should be before you go to
IETF LC.
Note that since we had a long discussion with Adam Barth about
quoted-string, Chrome has started supporting it in Content-Disposition,
and a similar fix for Content-Type is in preparation
(<http://code.google.com/p/chromium/issues/detail?id=103361#c7>).
In <http://www.ietf.org/mail-archive/web/websec/current/msg01045.html>
Jeff points out that Firefox doesn't support quoted-string in all
parameters, but IMHO that's a bogus argument because it currently
doesn't support q-s *at all*; so it will need to be fixed to conform to
the current spec as well (see
<https://bugzilla.mozilla.org/show_bug.cgi?id=718409>).
I believe this could be a useful discussion topic for Paris.
Best regards, Julian
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
