![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
Opened 11 years ago
Closed 10 years ago
#27 closed defect (fixed)
HSTS header ABNF is a hybrid of RFC2616 and httpbis and is overly complex and broken
| Reported by: | jeff.hodges@… | Owned by: | draft-ietf-websec-strict-transport-sec@… |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | strict-transport-sec | Version: | |
| Severity: | - | Keywords: | |
| Cc: |
Description
HSTS header ABNF in -02 HSTS spec revision is a hybrid of RFC2616 and httpbis and is overly complex and broken
See these messages for details
Strict-Transport-Security syntax redux [Ryan Sleevi]
https://www.ietf.org/mail-archive/web/websec/current/msg00614.html
Strict-Transport-Security syntax redux [Julian Reschke]
https://www.ietf.org/mail-archive/web/websec/current/msg00673.html
Change History (3)
comment:1 Changed 10 years ago by jeff.hodges@…
comment:2 Changed 10 years ago by jeff.hodges@…
The portion of Julian's feedback, as identified in <http://trac.tools.ietf.org/wg/websec/trac/ticket/27#comment:1> (above) that pertains to quoted-string grammar, is now forked off into this separate issue ticket #33..
http://trac.tools.ietf.org/wg/websec/trac/ticket/33
The other portions of his comments are still under this ticket at this time (see any comments below for any changes)
comment:3 Changed 10 years ago by jeff.hodges@…
- Resolution set to fixed
- Status changed from new to closed
draft-ietf-websec-strict-transport-sec-03 contains fixes for the issues described in this ticket.
Julian Reschke has reviewed -03, and provides feedback in this message..
Strict-Transport-Security syntax redux [Julian Reschke]
https://www.ietf.org/mail-archive/web/websec/current/msg00918.html
..see also subsequent discussion in that email thread.