On 4 March 2013 19:58, Ryan Sleevi <[email protected]> wrote:
> Is the added language acceptable? Are there any concerns with the
> validation/processing model that would prevent us from closing out this
> issue?

It took me a while to get it (so maybe a clarification appendix would be good?), but I think I do and I think it works.

Although, I suppose there's no real support for a mechanism where example.com has includeSubdomains that applies to a, b, c.example but d.example says "max-age=0". D will wind up being pinned regardless. I think that's okay, just noting it.

As an aside, Section 2.3.1 says "Note the host as a Known HSTS Host if it is not already so noted". I think that should be "Known Pinned Host"? I thought we were separating Require-SSL from Require-These-Keys.

-tom

_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
