=JeffH wrote:
In talking with a couple folks in the past few days, it seems that there
already is some thinking about adding some additional directives (aka
header
field value tokens) to the STS header field. One such idea is an
EVonly flag with nominal semantics of accept only an EV cert.
This sounds like a good idea. One thing we can do to reduce the
complexity is to have different grammars for server conformance and
for user agent conformance. Essentially, servers would be required to
conform to the current grammar, but UAs would be required to conform
to the more tolerant
In talking with a couple folks in the past few days, it seems that there
already is some thinking about adding some additional directives (aka header
field value tokens) to the STS header field. One such idea is an EVonly flag
with nominal semantics of accept only an EV cert.
In general,