HTTP Strict Transport Security (HSTS)
draft-ietf-websec-strict-transport-sec-14
Yes
(Barry Leiba)
No Objection
(Adrian Farrel)
(Benoît Claise)
(Brian Haberman)
(Gonzalo Camarillo)
(Martin Stiemerling)
(Ralph Droms)
(Ron Bonica)
(Russ Housley)
(Stewart Bryant)
(Wesley Eddy)
Note: This ballot was opened for revision 13 and is now closed.
Barry Leiba Former IESG member
Yes
(for -13)
Robert Sparks Former IESG member
(was Discuss)
Yes
(2012-09-29)
Thanks for addressing all of my comments.
Sean Turner Former IESG member
Yes
(2012-09-26 for -13)
I was going to say "Well written indeed" and leave it at that but I thought s14 was outstanding.

In s11.2: Maybe make this a SHOULD:

   Additionally, server implementers should consider employing a default max-age value of zero in their deployment configuration systems.

or say:

   Additionally, it is RECOMMENDED that server implementers employ a default max-age value of zero in their deployment configuration systems.
Stephen Farrell Former IESG member
Yes
(2012-09-26 for -13)
This is a very well written document. Thanks!

Only comment I have is that 6.1 says that directives are optional or required according to their definitions. Is it actually possible to define a new required directive without breaking interop with this spec? If not then I think saying that would be good.
Adrian Farrel Former IESG member
No Objection
(for -13)
Benoît Claise Former IESG member
No Objection
(for -13)
Brian Haberman Former IESG member
No Objection
(for -13)
Gonzalo Camarillo Former IESG member
No Objection
(for -13)
Martin Stiemerling Former IESG member
No Objection
(for -13)
Pete Resnick Former IESG member
No Objection
(2012-09-27 for -13)
6.1:

   Additional directives extending the semantic functionality of the STS header field can be defined in other specifications, with a registry (having an IANA policy definition of IETF Review [RFC5226]) defined for them at such time.

Is IETF Review really necessary? Seems to me "Specification Required" is more than sufficient, and I would not be completely averse to "First Come First Served".

15: Why not set up the directives registry now?
Ralph Droms Former IESG member
No Objection
(for -13)
Ron Bonica Former IESG member
No Objection
(for -13)
Russ Housley Former IESG member
No Objection
(for -13)
Stewart Bryant Former IESG member
No Objection
(for -13)
Wesley Eddy Former IESG member
No Objection
(for -13)