Hi Chris,

I think so. (but am not 100% sure.) Any other comments on this issue before we close it?

Thanks,
Tobias

On 25/05/13 02:41, websec issue tracker wrote:
> #53: Clarify status of pin validation when used with private trust anchors
>
> Comment (by [email protected]):
>
> The current draft has this text:
>
> <t>If the connection has no errors, then the UA will determine whether to
> apply a new, additional correctness check: Pin Validation. A UA SHOULD
> perform Pin Validation whenever connecting to a Known Pinned Host, but MAY
> allow Pin Validation to be disabled for Hosts according to local policy. For
> example, a UA may disable Pin Validation for Pinned Hosts whose validated
> certificate chain terminates at a user-defined trust anchor, rather than a
> trust anchor built-in to the UA. However, if the Pinned Host Metadata
> indicates that the Pinned Host is operating in "strict mode" (see
> <xref target="strict"/>), then the UA MUST perform Pin Validation.</t>
>
> I believe this is the result of previous consensus. Is that correct, and
> can I therefore close this issue?
> _______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
