> In this case, the browser MUST ignore the preloaded pin, and only apply > the pin it noted at T15. >
I would support changing this from MUST to SHOULD, with the understanding that browsers may have forgotten the pin noted at T15 in Trevor's example for multiple possible reasons (space constraints, user clears history, etc.) in which case they will revert to the preloaded pin. In practice a site attempting to un-pin a bad preloaded pin will have to serve the "un-pin" header for the lifetime of the bad preloaded pin no matter what, because some browsers may never visit the site site until the end of the life of the bad preload. So I don't see that making this a MUST makes life any easier for site operators, and as Trevor pointed out it may cause excessive complexity for browsers. Joe
_______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
