We’re in the near-final push here on getting the HTTP Strict Transport Security (HSTS) draft spec to be published as an RFC.
The most recent draft version (revision -11 as of this writing) is here..
https://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec
And the IESG‘s announcement for IETF-wide Last Call is here..
https://www.ietf.org/mail-archive/web/ietf-announce/current/msg10470.html
We’re coming around the last corner and the finish line is in sight!
See also the Wikipedia entry for HSTS — it has info on the spec’s history, applicability, deployment, and implementations.
Average Rating: 4.7 out of 5 based on 278 user reviews.
[…] As I’d noted back in July, the draft HSTS spec was in IETF-wide last call, from which we exited in August with various helpful comments. We applied summore elbow grease to the ol’spec and shipped it to the IESG (Internet Engineering Steering Group) for further inspection, received more good comments, subsequently applied more tweaks and polish, and voila(!), this morning we have this little missive in our email… [websec] Protocol Action: ‘HTTP Strict Transport Security (HSTS)’ to Proposed Standard (draft-ietf-websec-strict-transport-sec-14.txt) […]