Gervase Markham wrote on 10/01/2009 5:51 PM: > I therefore propose a simple extension to the STS standard; a single > token to be appended to the end of the header: > > lockCA
One idea to consider, especially for lockCA, is to somehow denote that STS should expire at the same time as the cert, perhaps by omitting max-age or allowing max-age=cert, etc. This will prevent accidentally causing STS to last longer or shorter than the cert expiration, especially when it's rotated out or revoked. - Bil