=JeffH wrote:
In talking with a couple folks in the past few days, it seems that there
already is some thinking about adding some additional directives (aka "header
field value tokens") to the STS header field. One such idea is an "EVonly" flag
with nominal semantics of "accept only an EV cert".

This sounds like a good idea. One thing we can do to reduce the
complexity is to have different grammars for server conformance and
for user agent conformance. Essentially, servers would be required to
conform to the current grammar, but UAs would be required to conform
to the more tolerant gramm
In talking with a couple folks in the past few days, it seems that there
already is some thinking about adding some additional directives (aka "header
field value tokens") to the STS header field. One such idea is an "EVonly" flag
with nominal semantics of "accept only an EV cert".
In general,