[ updated subject ]

> It's not so much with existing HSTS as with something like
> draft-evans-palmer-hsts-pinning.
> Consider the case where I operate a site that load balances between
> two certs, A and B
> but I inadvertently advertise a pin for A only. If I understand S 2.1
> correctly, ...

just fyi on a meta level, note that draft-evans-palmer-hsts-pinning is superseded by draft-ietf-websec-key-pinning, and no longer is an extension to the STS header field.

=JeffH

_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
