[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Search IETF archive

Last Call: <draft-ietf-websec-strict-transport-sec-11.txt> (HTTP Strict Transport Security (HSTS)) to Proposed Standard



The IESG has received a request from the Web Security WG (websec) to
consider the following document:
- 'HTTP Strict Transport Security (HSTS)'
  <draft-ietf-websec-strict-transport-sec-11.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-07-25. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   This specification defines a mechanism enabling web sites to declare
   themselves accessible only via secure connections, and/or for users
   to be able to direct their user agent(s) to interact with given sites
   only over secure connections.  This overall policy is referred to as
   HTTP Strict Transport Security (HSTS).  The policy is declared by web
   sites via the Strict-Transport-Security HTTP response header field,
   and/or by other means, such as user agent configuration, for example.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ballot/

This Proposed Standard has downrefs to the following Informational RFCs:
   RFC 2818, HTTP Over TLS
   RFC 5895, Mapping Characters for IDNA
...and a normative reference to the following obsolete RFC, which is cited alongside its replacement:
   RFC 3490, Internationalizing Domain Names in Applications

No IPR declarations have been submitted directly on this I-D.




[IETF]     [IETF Discussion]     [Linux Kernel]