On 25 August 2014 13:07, Eric Lawrence <[email protected]> wrote: >> No, PKP-RO is not meant to be cached. In this respect, it behaves similar >> to Content-Security-Policy's reporting mechanism. > > Ah, interesting. I'm curious why not? Is there no use-case for allowing > "report-only" pins to be persisted?
I think there definitely are, and I and most organizations I advise would like that option. -tom _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
