The IESG has received a request from the Web Security WG (websec) to consider the following document: - 'HTTP Strict Transport Security (HSTS)' <draft-ietf-websec-strict-transport-sec-11.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2012-07-25. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This specification defines a mechanism enabling web sites to declare themselves accessible only via secure connections, and/or for users to be able to direct their user agent(s) to interact with given sites only over secure connections. This overall policy is referred to as HTTP Strict Transport Security (HSTS). The policy is declared by web sites via the Strict-Transport-Security HTTP response header field, and/or by other means, such as user agent configuration, for example. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ballot/ This Proposed Standard has downrefs to the following Informational RFCs: RFC 2818, HTTP Over TLS RFC 5895, Mapping Characters for IDNA ...and a normative reference to the following obsolete RFC, which is cited alongside its replacement: RFC 3490, Internationalizing Domain Names in Applications No IPR declarations have been submitted directly on this I-D.
