Last call changes #183
Changes from 1 commit
1435fbb
73b7401
39a296d
bcef5d3
26a3ea5
8926a16
28424b0
@@ -94,11 +94,16 @@ This document defines a text file to be placed in a known location | |||||
that provides information about the vulnerability disclosure practices of a particular organization. | ||||||
This is intended to help security researchers when disclosing security vulnerabilities. | ||||||
|
||||||
The file is named "security.txt", and this file MUST be placed under the | ||||||
/.well-known/ path ("/.well-known/security.txt") {{!RFC8615}} of a domain name or IP address for web | ||||||
properties. For legacy compatibility, a security.txt file might be placed at the top level path (see {{weblocation}}). | ||||||
By convention, the file is named "security.txt". | ||||||
|
||||||
For web-based services, the file MUST be accessible via the Hypertext Transfer Protocol (HTTP) 1.0 {{!RFC1945}} or higher version, as a resource of Internet Media Type "text/plain" with the default charset parameter set to "utf-8" per section 4.1.3 of {{!RFC2046}}, and it MUST be served with "https" (as per section 2.7.2 of {{!RFC7230}}). For file systems a "security.txt" file SHOULD be placed in the root directory of a particular file system. | ||||||
When made available on HTTP servers, it MUST be placed under the | ||||||
/.well-known/ path (as "/.well-known/security.txt") {{!RFC8615}} of a domain name or IP address. | ||||||
For legacy compatibility, a security.txt file might be placed at the top level path (see {{weblocation}}). | ||||||
For file systems a "security.txt" file SHOULD be placed in the root directory of a particular file system. | ||||||
|
||||||
On HTTP servers, the file MUST be accessed via the Hypertext Transfer Protocol (HTTP) 1.0 {{!RFC1945}} or higher version | ||||||
Suggested change
done
||||||
and the "https" scheme (as per section 2.7.2 of {{!RFC7230}}). It MUST have a Content-Type of "text/plain" | ||||||
This sentence is quite difficult to follow, especially with all the inline references. Might need rephrasing.
reworded
||||||
with the default charset parameter set to "utf-8" (as per section 4.1.3 of {{!RFC2046}}). | ||||||
|
||||||
This text file contains multiple fields with different values. A field contains a "name" which is the first part of a field all the way up | ||||||
to the colon ("Contact:") and follows the syntax defined for "field-name" in section 3.6.8 | ||||||
|
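Review bot: The charset sentence added in this hunk (`+ with the default charset parameter set to "utf-8" (as per section 4.1.3 of {{!RFC2046}})`) still reads as though the cited RFC supplies utf-8 as the default, whereas the requirement being stated is that the served Content-Type carries the charset parameter with the value utf-8; consider "with the charset parameter set to "utf-8"" and cite RFC 2046 only for the parameter itself, since a reader who takes the default literally could serve the file without any charset and believe they comply. Two smaller points in the same hunk: "HTTP 1.0 {{!RFC1945}} or higher version" reads better as "or a later version", and the new "/.well-known/" sentence now says "of a domain name or IP address" without the old "for web properties" qualifier, which is fine as long as the next sentence ("When made available on HTTP servers") is understood to scope it.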
@@ -122,8 +127,8 @@ contain URIs using percent-encoding (as per section 2.1 of {{!RFC3986}}). | |||||
A "security.txt" file MUST only apply to the domain or IP address in the URI used to retrieve it, | ||||||
not to any of its subdomains or parent domains. A "security.txt" file that is found | ||||||
in a file system MUST only apply to the folder | ||||||
or repository in which it is located, and not to any of its parent or sibling folders, | ||||||
or repositories. However, it will apply to all subfolders. | ||||||
in which it is located, and not to any of its parent or sibling folders. | ||||||
However, it will apply to all subfolders. | ||||||
I would reword this as follows:
done
||||||
|
||||||
Some examples appear below: | ||||||
|
||||||
|
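Review bot: "the domain or IP address in the URI used to retrieve it" does not say whether that is the URI the client requested or the one that finally served the file after any redirect; since the scope rule is what stops a file on one host from being read as applying to another, stating which URI counts would close that gap. The rewritten file-system sentences also drop "repository" from both the location ("folder or repository in which it is located") and the exclusion list ("parent or sibling folders, or repositories"), so a security.txt at the root of a source repository is no longer explicitly covered; if repositories are still an intended location, say that a repository root counts as the folder. Finally, "However, it will apply to all subfolders." uses "will" where the neighbouring sentences use RFC 2119 language; "applies to all subfolders" or "MUST apply to all subfolders" would be consistent.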
@@ -631,10 +636,10 @@ Specification document(s): this document | |||||
|
||||||
Status: permanent | ||||||
|
||||||
## Registry for security.txt Header Fields {#registry} | ||||||
## Registry for security.txt Fields {#registry} | ||||||
|
||||||
IANA is requested to create the "security.txt Header Fields" registry in | ||||||
accordance with {{?RFC8126}}. This registry will contain header fields for | ||||||
IANA is requested to create the "security.txt Fields" registry in | ||||||
accordance with {{?RFC8126}}. This registry will contain fields for | ||||||
use in security.txt files, defined by this specification. | ||||||
|
||||||
New registrations or updates MUST be published in accordance with the | ||||||
|
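Review bot: The rename from "security.txt Header Fields" to "security.txt Fields" is applied to the heading and to both sentences in this hunk, and the {#registry} anchor is unchanged, but the registry name is a literal string that IANA will use, so every other occurrence in the document (the registration template, any "Header Fields" wording in the field definitions, and the sentence continuing after "in accordance with the" at the end of this hunk) needs the same change or the registry will be referred to by two names.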
I do not think "particular" is needed here.
done