On 4 March 2013 20:09, Ryan Sleevi <[email protected]> wrote: > I'd like to solicit feedback and make sure that both the discussions from > Atlanta and from the list have been accurately captured. Are there > concerns with a Report-Only mode that have not been accurately captured?
Obviously I wasn't in Atlanta, but I feel if you're sending the known pins in the report (and you should) you should send the whole policy as you know it, including directives, and some mechanism for max-age that says 'when I think this will expire'. Maybe even 'when I got this directive' (if available) and 'where i got this directive from' (preloaded vs header). port should be an integer or a string, but one or the other. Why have it be ambiguous? -tom _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
