On Sat, Feb 25, 2017 at 5:20 PM, Peter Bowen wrote:
>
> Consider Public Key Pinning for HTTP. If example.com sets a pin with
> “includeSubdomains”, then it applies to shop.example.com. If
> shopcorp.example set a pin with includeSubdomains it does not apply to
> shop.example.com.
On 25/02/17 16:16, phill...@comodo.com wrote:
The sequence is:
beta.shop.example.com
shop.example.com
xmpl.cdn.bighost.com
cdn.bighost.com *
xmpl.cdnhost.xyz *
cdnhost.xyz *
xyz *
shop.example.com
example.com
com
Why the second "shop.example.com" ?
Now if people were to say they think
> On Feb 25, 2017, at 8:16 AM, philliph--- via Public
> wrote:
>
>
>> On Feb 24, 2017, at 9:17 PM, Peter Bowen wrote:
>>
>> On Fri, Feb 24, 2017 at 5:49 PM, philliph--- via Public
>> wrote:
>>> On the CAA recursive part, I am
> On Feb 24, 2017, at 9:17 PM, Peter Bowen wrote:
>
> On Fri, Feb 24, 2017 at 5:49 PM, philliph--- via Public
> wrote:
>> On the CAA recursive part, I am trying to track down why there is an
>> existing errata that makes a normative change with held for
Kirk,
I’m glad to hear you support my proposal. I did realize, after reading Ryan’s
email, the sunset probably needs to be a rolling date to handle the BR “phase
in” period. So the rule needs to effectively be:
* Effective July 1, 2017, unexpired OV/IV SSL certificates must be revoked