<hat="chair">
Hello Jeff and all HSTS authors and contributors!
Thank you for putting out the new revised version.
I think this should conclude the WG Last call on the draft and I will
recommend the draft for IETF Last Call, as far as there are no
objections raised from the WG. The shepherd write-up for HSTS is
currently with my co-chair for review prior submission to the AD.
There remain two things left to do:
1. @all authors: Could every author please confirm that any and all
appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed?
A simple reply to the mailing-list or me with "Yes. All is conform with
BCP 78 and BCP 79." by each author would be sufficient. To my knowledge
no IPR discosures have been made for this draft. Please inform me if
there are any?
2. a check of idnits revealed that there are a few reference problems
(including 3 Downref and 1 Obsolete normative reference). This will come
up with the RFC-Editor by the latest, so please revisit the references
and check the idnits tool on the draft ASAP.
Plus two warnings:
== Missing Reference: 'I-D.draft-ietf-httpbis-p1-messaging-17' is mentioned
on line 1839, but not defined
== Outdated reference: A later version (-23) exists of
draft-ietf-dane-protocol-19
Best regards, Tobias
On 02/07/12 22:21, [email protected] wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Security Working Group of the IETF.
Title : HTTP Strict Transport Security (HSTS)
Author(s) : Jeff Hodges
Collin Jackson
Adam Barth
Filename : draft-ietf-websec-strict-transport-sec-10.txt
Pages : 48
Date : 2012-07-02
Abstract:
This specification defines a mechanism enabling web sites to declare
themselves accessible only via secure connections, and/or for users
to be able to direct their user agent(s) to interact with given sites
only over secure connections. This overall policy is referred to as
HTTP Strict Transport Security (HSTS). The policy is declared by web
sites via the Strict-Transport-Security HTTP response header field,
and/or by other means, such as user agent configuration, for example.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-10
A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-websec-strict-transport-sec-10
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
