> Gerv had proposed..
> >
> > We would like to allow sites to partition the CA space so that compromises
> > and problems in other parts of it don't affect them.
> >
> > I therefore propose a simple extension to the STS standard; a single token
> > to be appended to the end of the header:
> >
> > lockCA

Adam Barth replies..
>
> This is an interesting proposal.

Agreed.

> I think we should resist expanding the scope of the core STS proposal.

Agreed -- this is what we (PayPal) also desire.

> There are many different kinds of tokens one could imagine adding to
> mitigate different threat models.

Yes, e.g. EVonly

> Instead of adding them all in v1,
> we should allow / encourage this kind of experimentation by defining a
> forwards-compatible grammar for the STS header.

Agreed, see the thread entitled "more flexible ABNF for STS?"

Since the latter presumably has more-or-less direct implications for one's
parser implementation, it'd be best to specify the ABNF + UA impl guidance
now, it'd seem.

=JeffH
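
An added example, not part of the original message or of any STS draft: a header parser with the forward-compatible behaviour the thread asks for, where well-formed unknown tokens such as `lockCA` or `EVonly` are ignored rather than fatal. It assumes the directive syntax later standardized in RFC 6797; `parse_sts` and the returned field names are hypothetical.

```python
import re

# Assumption: directive syntax as later standardized in RFC 6797
# (name [ "=" token | quoted-string ], separated by ";"), not this thread's ABNF.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PART = re.compile(
    rf'\s*(?:({TOKEN})\s*(?:=\s*({TOKEN}|"(?:[^"\\]|\\.)*"))?)?\s*(?:;|\Z)'
)
KNOWN = ("max-age", "includesubdomains")


def parse_sts(header_value):
    """Hypothetical helper: return the policy dict, or None to discard the header."""
    seen = {}
    pos = 0
    while pos < len(header_value):
        m = PART.match(header_value, pos)
        if m is None:
            return None  # a directive that breaks the grammar voids the header
        pos = m.end()
        name, value = m.group(1), m.group(2)
        if name is None:
            continue  # empty slot, e.g. "a; ; b"
        name = name.lower()  # directive names are case-insensitive
        if name in seen:
            return None  # repeated directive: ambiguous, discard
        if value is not None and value.startswith('"'):
            value = re.sub(r"\\(.)", r"\1", value[1:-1])  # unquote
        seen[name] = value
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is mandatory and must be a decimal integer
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in seen,
        # Well-formed but unrecognized tokens are skipped, never fatal.
        "ignored": [n for n in seen if n not in KNOWN],
    }


# Constructed sample header using the extension token proposed in the thread.
if __name__ == "__main__":
    print(parse_sts("max-age=31536000; includeSubDomains; lockCA"))
```

A user agent that later learns a token moves it from `ignored` into its own policy field; older agents keep enforcing the core policy unchanged.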