The IESG has received a request from the Web Security WG (websec) to
consider the following document:
- 'HTTP Strict Transport Security (HSTS)'
<draft-ietf-websec-strict-transport-sec-11.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-07-25. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
Abstract
This specification defines a mechanism enabling web sites to declare
themselves accessible only via secure connections, and/or for users
to be able to direct their user agent(s) to interact with given sites
only over secure connections. This overall policy is referred to as
HTTP Strict Transport Security (HSTS). The policy is declared by web
sites via the Strict-Transport-Security HTTP response header field,
and/or by other means, such as user agent configuration, for example.
The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/
IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ballot/
This Proposed Standard has downrefs to the following Informational RFCs:
RFC 2818, HTTP Over TLS
RFC 5895, Mapping Characters for IDNA
...and a normative reference to the following obsolete RFC, which is cited alongside its replacement:
RFC 3490, Internationalizing Domain Names in Applications
No IPR declarations have been submitted directly on this I-D.