> > It states that UAs must let people clear data:
>
> Yes.

Ah, I see this text now; I was confused since it's in a different section.

> > When *should* a user agent automatically remove pins for privacy
> > reasons? Any algorithm anyone comes up with will be known, and will
> > be bypassed with multiple domains, or whatever.
>
> Yes. Unfortunately, I don't see a way to have both HPKP and automatic
> defense against this kind of super-cookie. The problem exists for
> HSTS, too.

I agree, but there are two things user agents SHOULD do at a minimum:

(a) clear pins for domains whenever other domain-specific information is cleared for privacy reasons (delete history since time N, or private browsing mode)

(b) not store pins in cases where cookies will not be rejected for privacy reasons (such as third-party cookie blocking policies).

I don't think these are obvious to implementers, so I would like to see them in the spec.

Joe
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
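As an added illustration (not code from the thread or from any browser), the following Python sketch models a user-agent pin cache that applies rules (a) and (b) above: pins are refused when the request is third-party and the cookie policy would reject cookies for it, and "delete history since time N" also drops pins learned since N. The class, method names and the `third_party` / `third_party_cookies_blocked` parameters are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Pin:
    host: str
    spki_hashes: frozenset   # pin-sha256 values from a Public-Key-Pins header
    created: float           # when the pin was stored (Unix time)
    expires: float           # created + max-age


class PinStore:
    """Pin cache that mirrors the two privacy rules from the message above."""

    def __init__(self):
        self._pins = {}

    def store(self, host, spki_hashes, max_age, *, now,
              third_party, third_party_cookies_blocked):
        # Rule (b): if a cookie set in this context would be rejected for
        # privacy reasons (third-party cookie blocking), do not remember the
        # pin either, since a stored pin is as observable as a cookie.
        if third_party and third_party_cookies_blocked:
            return False
        self._pins[host] = Pin(host, frozenset(spki_hashes), now, now + max_age)
        return True

    def lookup(self, host, *, now):
        """Return the pinned SPKI set for host, or None if unknown or expired."""
        pin = self._pins.get(host)
        if pin is None:
            return None
        if pin.expires <= now:
            del self._pins[host]      # expired pins are forgotten on access
            return None
        return pin.spki_hashes

    def clear_since(self, since):
        # Rule (a): when the user deletes history since time N, pins learned
        # since N go with it. Returns the affected hosts for inspection.
        removed = sorted(h for h, p in self._pins.items() if p.created >= since)
        for host in removed:
            del self._pins[host]
        return removed

    def clear_all(self):
        # Rule (a), private-browsing case: the whole store is discarded when
        # the session ends (a private session would use its own instance).
        self._pins.clear()
```

A private-browsing session would instantiate its own `PinStore` and call `clear_all()` on exit, so nothing learned there survives into the normal profile.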
