And, thanks to everyone for your valuable input. This was (quite obviously :) ) my first adventure in Standards Land, and I know it was rocky. But hopefully we have something now. :)
On Wed, Jun 18, 2014 at 2:12 PM, Yoav Nir <[email protected]> wrote:
> Thanks to Ryan and the Chrises for getting this done.
>
> Folks, it seems to us that this working group has done as much as we can for
> this document. We could keep discussing this for another year, but we
> believe at this point this would be counter-productive.
>
> So, we intend to send this to Barry next week. Please take the time to make
> sure that no huge mistakes have been added in the last two iterations. For
> your convenience, here are links to the diffs:
>
> http://www.ietf.org/rfcdiff?url2=draft-ietf-websec-key-pinning-14
> http://www.ietf.org/rfcdiff?url2=draft-ietf-websec-key-pinning-15
>
> Thanks again to the authors and people on the list for all the efforts. I
> believe we have come up with a document that is implementable and adds a
> scalable way to mitigate the threat of mis-issued certificates.
>
> As you know, the journey is not quite done, as we still have AD review, IETF
> last call, the IESG, and the RFC editor. See you all around.
>
> Tobias and Yoav
>
> On Jun 17, 2014, at 2:33 AM, [email protected] wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Security Working Group of the IETF.
>
> Title    : Public Key Pinning Extension for HTTP
> Authors  : Chris Evans
>            Chris Palmer
>            Ryan Sleevi
> Filename : draft-ietf-websec-key-pinning-15.txt
> Pages    : 26
> Date     : 2014-06-16
>
> Abstract:
> This memo describes an extension to the HTTP protocol allowing web
> host operators to instruct user agents to remember ("pin") the hosts'
> cryptographic identities for a given period of time. During that
> time, UAs will require that the host present a certificate chain
> including at least one Subject Public Key Info structure whose
> fingerprint matches one of the pinned fingerprints for that host. By
> effectively reducing the number of authorities who can authenticate
> the domain during the lifetime of the pin, pinning may reduce the
> incidence of man-in-the-middle attacks due to compromised
> Certification Authorities.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-websec-key-pinning-15
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-websec-key-pinning-15
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> websec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/websec
