On 4 November 2015 at 06:28, Rob Stradling <[email protected]> wrote: > Tom, > > I just raised http://trac.tools.ietf.org/wg/trans/trac/ticket/113 to track > this. > > How do you envisage that we let "a site owner dictate that CT should always > be enabled for their domain"? > Some sort of HTTP header (a la HSTS and HPKP), perhaps?
Yea, probably. > Do you think this is something that the TRANS WG should specify (in 6962-bis > or some other document)? Or should we punt it to WEBSEC or some other > place? A process question for the chairs I'd say. Probably websec? I've volunteered to do this draft before, and it still stands. Now that Firefox is working on implementing the x509 version, they may be open to implementing a header version as well - before the feedback seemed to be "Yea, maybe, but will anyone implement in a timely fashion?" -tom _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
