HTTP Strict Transport Security (HSTS)
draft-ietf-websec-strict-transport-sec-14

Yes

(Barry Leiba)

No Objection

(Adrian Farrel)
(Benoît Claise)
(Brian Haberman)
(Gonzalo Camarillo)
(Martin Stiemerling)
(Ralph Droms)
(Ron Bonica)
(Russ Housley)
(Stewart Bryant)
(Wesley Eddy)

Note: This ballot was opened for revision 13 and is now closed.

Barry Leiba Former IESG member
Yes
Yes (for -13) Unknown

                            
Robert Sparks Former IESG member
(was Discuss) Yes
Yes (2012-09-29) Unknown
Thanks for addressing all of my comments.

Sean Turner Former IESG member
Yes
Yes (2012-09-26 for -13) Unknown
I was going to say "Well written indeed" and leave it at that but I thought s14 was outstanding.

In s11.2: Maybe make this a SHOULD:

 Additionally, server implementers should consider employing a default
 max-age value of zero in their deployment configuration systems.

or say:

 Additionally, it is RECOMMENDED that server implementers employ
 a default max-age value of zero in their deployment configuration
 systems.

Stephen Farrell Former IESG member
Yes
Yes (2012-09-26 for -13) Unknown
This is a very well written document. Thanks!

Only comment I have is that 6.1 says that directives are 
optional or required according to their definitions. Is it actually 
possible to define a new required directive without breaking 
interop with this spec? If not then I think saying that would 
be good.

Adrian Farrel Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Benoît Claise Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Brian Haberman Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Gonzalo Camarillo Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Martin Stiemerling Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Pete Resnick Former IESG member
No Objection
No Objection (2012-09-27 for -13) Unknown
6.1:

   Additional directives extending the semantic functionality of the STS
   header field can be defined in other specifications, with a registry
   (having an IANA policy definition of IETF Review [RFC5226]) defined
   for them at such time.

Is IETF Review really necessary? Seems to me "Specification Required" is more than sufficient, and I would not be completely averse to "First Come First Served".

15: Why not set up the directives registry now?

Ralph Droms Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Ron Bonica Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Russ Housley Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Stewart Bryant Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Wesley Eddy Former IESG member
No Objection
No Objection (for -13) Unknown