Dear public-webapps,
I would like to propose a small extension to the current draft
specification for Strict Transport Security.
http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html
The Problem
---
At the moment, if one CA
On 02/10/09 23:54, Hodges, Jeff wrote:
Instead of adding them all in v1,
we should allow / encourage this kind of experimentation by defining a
forwards-compatible grammar for the STS header.
Agreed, see the thread entitled "more flexible ABNF for STS?"
That would be a great thing :-) I
On 11/11/09 08:57, Adam Barth wrote:
Why do we need a browser mechanism for that? It seems like the site
can easily compute whatever max-age value it wishes to set.
Not to mention the fact that you normally don't actually want the LockCA
to expire at exactly the same time as the cert, because
On 11/11/09 15:25, Bil Corry wrote:
Would LockCA prevent the site from loading if it encountered a new
cert from the same CA?
No. Hence the name - lock _CA_. :-P
(BTW, I'm not subscribed to public-webapps; you'll need to CC me on any
conversation you want me in.)
Or are you talking about a