On 4 March 2013 19:57, Ryan Sleevi <[email protected]> wrote: > While there is an open question as to whether or not such user-agent > behaviour is appropriate to specify here, does the group feel the proposed > text sufficiently addresses the issue as originally raised?
I think it does, although I'm very curious about two points: - will implementations respect 'strict'? - who if any of the sites that have led the way on HSTS/pinning (Google, Twitter) will enable strict I guess we'll have to wait and see. -tom _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
