Most of my issues were addressed in the latest version, except for this one:
> 6.1. Strict-Transport-Security HTTP Response Header Field
>
> 4. UAs MUST ignore any STS header fields containing directives, or
> other header field value data, that does not conform to the
> syntax defined in this specification.

So this is saying that syntactically invalid STS header fields are to be ignored. This still doesn't say if unrecognized directives are to be ignored or not. (Because they can comply with the generic syntax for directives, so they would be syntactically valid, albeit unrecognized). So can you please add an explicit sentence about that?
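
The distinction raised in the message above, as an added example that is not part of the original message or of the draft: a sketch that separates STS header values failing the generic directive syntax from values that are syntactically valid but carry an unrecognized directive. The grammar is assumed from the published RFC 6797 ABNF; `classify`, the verdict labels and the sample values are constructed here, and per-directive value checks (such as digits-only `max-age`) are omitted.

```python
import re

# Assumed generic syntax (RFC 6797 ABNF, RFC 2616 token / quoted-string):
#   field-value = [ directive ] *( ";" [ directive ] )
#   directive   = directive-name [ "=" directive-value ]
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
DIRECTIVE = re.compile(rf"({TOKEN})(?:[ \t]*=[ \t]*(?:{TOKEN}|{QUOTED}))?")
WS = re.compile(r"[ \t]*")
KNOWN = {"max-age", "includesubdomains"}  # names compared case-insensitively


def classify(value):
    """Return (verdict, unrecognized_names) for one STS header field value."""
    names, pos = [], 0
    while True:
        pos = WS.match(value, pos).end()
        m = DIRECTIVE.match(value, pos)
        if m:  # a slot may also be empty, since [ directive ] is optional
            names.append(m.group(1).lower())
            pos = WS.match(value, m.end()).end()
        if pos == len(value):
            break
        if value[pos] != ";":
            # Data that does not fit the syntax: the case item 4 covers.
            return "nonconforming", []
        pos += 1
    unknown = [n for n in names if n not in KNOWN]
    # Syntactically valid but unrecognized: the case the message asks about.
    verdict = "conforming-unrecognized" if unknown else "conforming-recognized"
    return verdict, unknown


if __name__ == "__main__":
    # Constructed sample header values.
    for sample in (
        "max-age=31536000; includeSubDomains",
        'max-age=600; x-example="a;b"',
        "max-age=600, includeSubDomains",
        "max-age=",
    ):
        print(f"{sample!r:45} -> {classify(sample)}")
```
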
