Gervase Markham wrote:
> On 12/04/11 14:22, Stephen Schultze wrote:
> > On 4/8/11 6:49 PM, Sid Stamm wrote:
> >> - CA locking functionality in HSTS or via CAA
> >
> > I am not aware of a spec (yet) for HSTS to do this.
>
> Indeed not. However, one would not be too tricky to write.

Right. The main motivation for supporting this in HSTS or a HSTS-like mechanism is to get something that is immediately usable (not requiring DNSSEC deployment, not requiring TLS implementation changes, not requiring CA participation), if imperfect (like HSTS itself).

- Brian
