Opened 11 years ago

Closed 10 years ago

#27 closed defect (fixed)

HSTS header ABNF is a hybrid of RFC2616 and httpbis and is overly complex and broken

Reported by: jeff.hodges@… Owned by: draft-ietf-websec-strict-transport-sec@…
Priority: major Milestone:
Component: strict-transport-sec Version:
Severity: - Keywords:
Cc:

Description

HSTS header ABNF in -02 HSTS spec revision is a hybrid of RFC2616 and httpbis and is overly complex and broken

See these messages for details

Strict-Transport-Security syntax redux [Ryan Sleevi]
https://www.ietf.org/mail-archive/web/websec/current/msg00614.html

Strict-Transport-Security syntax redux [Julian Reschke]
https://www.ietf.org/mail-archive/web/websec/current/msg00673.html

Change History (3)

comment:1 Changed 10 years ago by jeff.hodges@…

draft-ietf-websec-strict-transport-sec-03 contains fixes for the issues described in this ticket.

Julian Reschke has reviewed -03, and provides feedback in this message..

Strict-Transport-Security syntax redux [Julian Reschke]
https://www.ietf.org/mail-archive/web/websec/current/msg00918.html

..see also subsequent discussion in that email thread.

comment:2 Changed 10 years ago by jeff.hodges@…

The portion of Julian's feedback, as identified in <http://trac.tools.ietf.org/wg/websec/trac/ticket/27#comment:1> (above) that pertains to quoted-string grammar, is now forked off into this separate issue ticket #33..

http://trac.tools.ietf.org/wg/websec/trac/ticket/33

The other portions of his comments are still under this ticket at this time (see any comments below for any changes)

comment:3 Changed 10 years ago by jeff.hodges@…

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.