> On 4 May 2018, at 23:11, Robert Linder <[email protected]> wrote:
>
> Hi,
>
> I would like to propose the addition of the ”immutable” directive (similar to
> that of RFC 8246) for the HSTS header field (RFC 6797).

Immutable meaning that the HSTS header is permanent and can never be removed? So if a user agent has seen an immutable HSTS header once, that site has to be (valid) HTTPS-only forever? Interesting idea.

Anyway, the WebSec working group has been closed for several years now. If you would like to extend HSTS, you should submit an individual draft (something with a name like draft-linder-hsts-immutable-00). You can then discuss the draft either here or in the secdispatch mailing list (more technical discussion goes here; procedural discussion goes there). You can also ask to present your draft at the meeting of the SecDispatch working group at the next IETF meeting (this July in Montreal, or the one after that: November in Bangkok). The purpose of the SecDispatch working group is to recommend what to do with new drafts - either spin up a new working group, or find an existing working group to work on this, or ask an Area Director to sponsor the draft as an individual submission.

Hope this helps

Yoav
(former co-chair of WebSec)
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
