Status for week ending 2009-09-18. Highlights:
- Bugzilla HTTP API work going well – can get buglists, bugs and history, get and add comments, and there is initial support for modifying bugs. Can also get lists of and individual users. JSON or XML.
- Discussed adapting the proposed “ensure HTTPS” HTTP header to allow it to specify that there should be no change to the CA which issues the certificate; the aim is to partition the trusted CA space for added security.
What is this proposed “ensure HTTPS” HTTP header and where can I find out more about it? Search engines are failing me.
OK, assuming the “ensure HTTPS” HTTP header is the same as Strict Transport Security (STS), then I’ve managed to find some information here:
http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/1148.html
To aid people as terminologically-confused as me, I’ll mention that STS is based on Jackson and Barth’s ForceHTTPS specification (ForceHTTPS is also the name of Firefox extension that implements a prototype of the specification). Another (older?) derivative of the ForceHTTPS specification is ForceTLS by Mozilla’s Sid Stamm (it’s implemented in a Firefox extension called Force-TLS; future versions of the Force-TLS extension will implement STS).