In case you're still wondering about this topic, a draft of the spec is now public:
http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html Apparently an announcement message is also en-route to the W3C WebApps working group. Adam On Thu, Sep 17, 2009 at 5:20 PM, Adam Barth <[email protected]> wrote: > There's a slight race condition in making various things public. > Basically, this is a mechanism a high-security site can use to signal > to the browser that it would like strict handling of HTTPS errors. > For example, when the site opts into this features, HTTPS certificate > errors will be treated as fatal to the connection. > > More details will be surfacing soon in the form of an standards-track > specification. > > Adam > > > On Thu, Sep 17, 2009 at 4:28 PM, Erik Kay <[email protected]> wrote: >> >> For those of us who are curious, could someone explain what this does? >> >> Erik >> >> >> On Thu, Sep 17, 2009 at 4:20 PM, Finnur Thorarinsson >> <[email protected]> wrote: >>> +1 to what Peter is saying. >>> Like Brett, I have no clue what this checkbox means and think it shouldn't >>> have been added. >>> However, the question I have... is it appropriate to tuck this in with >>> something like deleting the history (like we do with last session, recently >>> closed tabs, autogenerated keywords, etc)? >>> It is hard for me to evaluate that, not knowing what this does... :) >>> -F >>> >>> On Thu, Sep 17, 2009 at 16:09, Evan Martin <[email protected]> wrote: >>>> >>>> On Thu, Sep 17, 2009 at 3:54 PM, Brett Wilson <[email protected]> wrote: >>>> > On Thu, Sep 17, 2009 at 3:50 PM, Evan Martin <[email protected]> wrote: >>>> >> >>>> >> On Thu, Sep 17, 2009 at 3:38 PM, Adam Langley <[email protected]> wrote: >>>> >>> >>>> >>> On Thu, Sep 17, 2009 at 3:37 PM, Ben Goodger (Google) >>>> >>> <[email protected]> wrote: >>>> >>>> Whoever added this UI, please remove it before I have to when I get >>>> >>>> back next week. >>>> >>> >>>> >>> Very well, reverting. >>>> >> >>>> >> Why not #ifdef around it? I fear if you revert you'll never check it >>>> >> in again. >>>> > >>>> > If that happens, it's the best possible argument that this is a silly >>>> > thing to add. >>>> >>>> No, it's just the argument that it's not the sort of thing people are >>>> willing to expend the energy to argue about. With this sort of >>>> response I'd be tempted to just give up on the patch. >>>> >>>> >>> >>> >>> > >>> >> >> >> >> > --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
