On 10/08/14 16:02, Barry Leiba wrote: >>> I agree, this is an "update" and not an "errata". >>> >>> However, am not sure how to best retain this information: >>> Because this is a good point for a best practice. >>> And be it only in advising the best practice when using HSTS, like >>> simply including one link to the parent https://example.com to avoid >>> having unprotected parent-domains. >> Well, if we could talk Eric into writing a draft... > ... >> So we get an Informational draft called "best practices in using HSTS". 2 >> pages long unless we rathole and add lots of stuff. > That absolutely seems the best approach, and have it "update" 6797. I > would love it if Eric would be a co-author, and I think we can keep > the working group going long enough to do this. > > To Tobias's more general question of where we keep track of these > sorts of things when we don't have a working group to pick it up and > go with it: Yes, that's something we've been discussing. If we have > a former working group to work from, there's a wiki on tools.ietf.org > (websec's is at <http://trac.tools.ietf.org/wg/websec/trac/wiki>, and > it's entirely unused, but some working groups do use theirs). I've > been suggesting that we make a habit of keeping updates, change > requests, follow-on notes, and other non-errata things there, on the > appropriate current or former WG wiki. If there's no obvious WG, we > can use the appsawg wiki at > <http://trac.tools.ietf.org/wg/appsawg/trac/wiki> for App Area stuff. > The only bad thing about that is that there's no pointer from the RFC > to the appropriate wiki, and we've talked about establishing some sort > of per-RFC wiki also, or maybe just a per-RFC pointer to a wiki. > > Barry
I agree. The question is, does Eric (and maybe Jeff or anybody else) want to do a small update informational RFC? Best regards, Tobias Ps.: and thanks for the clarification about the Wiki.
_______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
