#42: STS exception for CRL fetching
Comment (by tobias.gondrom@…):
just a personal comment:
Just to be complete: CRL fetching does not necessarily mean a complete
break of HSTS if CRLs come from the same server. A server could still use
HSTS without the subdomain directive and publish the CRLs/OCSP on a
different subdomain. Though I admit that would be a significant limitation
of HSTS. :-(
--
-------------------------+-------------------------------------------------
Reporter: | Owner: draft-ietf-websec-strict-
jeff.hodges@… | transport-sec@…
Type: enhancement | Status: new
Priority: major | Milestone:
Component: strict- | Version:
transport-sec | Resolution:
Severity: In WG Last |
Call |
Keywords: |
-------------------------+-------------------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/42#comment:1>
websec <http://tools.ietf.org/websec/>
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
