Alexey said:
>
> Most of my issues were addressed in the latest version, except for this one:
>
> > 6.1. Strict-Transport-Security HTTP Response Header Field
> >
> > 4. UAs MUST ignore any STS header fields containing directives, or
> > other header field value data, that does not conform to the
> > syntax defined in this specification.
>
> So this is saying that syntactically invalid STS header fields are
> to be ignored. This still doesn't say if unrecognized directives are to
> be ignored or not. (Because they can comply with the generic syntax for
> directives, so they would be syntactically valid, albeit unrecognized).
>
> So can you please add an explicit sentence about that?

will do.

=JeffH

_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
