>> I agree, this is an "update" and not an "errata". >> >> However, am not sure how to best retain this information: >> Because this is a good point for a best practice. >> And be it only in advising the best practice when using HSTS, like >> simply including one link to the parent https://example.com to avoid >> having unprotected parent-domains. > > Well, if we could talk Eric into writing a draft... ... > So we get an Informational draft called "best practices in using HSTS". 2 > pages long unless we rathole and add lots of stuff.
That absolutely seems the best approach, and have it "update" 6797. I would love it if Eric would be a co-author, and I think we can keep the working group going long enough to do this. To Tobias's more general question of where we keep track of these sorts of things when we don't have a working group to pick it up and go with it: Yes, that's something we've been discussing. If we have a former working group to work from, there's a wiki on tools.ietf.org (websec's is at <http://trac.tools.ietf.org/wg/websec/trac/wiki>, and it's entirely unused, but some working groups do use theirs). I've been suggesting that we make a habit of keeping updates, change requests, follow-on notes, and other non-errata things there, on the appropriate current or former WG wiki. If there's no obvious WG, we can use the appsawg wiki at <http://trac.tools.ietf.org/wg/appsawg/trac/wiki> for App Area stuff. The only bad thing about that is that there's no pointer from the RFC to the appropriate wiki, and we've talked about establishing some sort of per-RFC wiki also, or maybe just a per-RFC pointer to a wiki. Barry _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
