On 26 August 2014 16:38, Trevor Perrin <[email protected]> wrote:
> That's not completely true, because PKP affects Pin Validation of
> other connections, and PKP-RO doesn't.
>
> ...
>
> So Eric's point is valid: PKP-RO doesn't provide an administrator much
> confidence that their site is ready for PKP, and might even mislead
> them.

This is especially true if includeSubdomains is enabled. It'd be common
for that directive to apply to hosts that the -RO header would not be
included on. In PKP-RO, it would not be applied to them; in PKP it would.

-tom
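
The difference discussed in this thread, as an added example that is not part of the original message or of any draft text: a simplified Python model of a user agent in which enforcing PKP pins are noted and applied to later connections, while PKP-RO is evaluated only against the response that carries it. The class and function names, hostnames and pin strings are constructed for illustration, and max-age handling is left out.

```python
# Simplified model; all names and values below are constructed for illustration.
SITE_PINS = {"pin-A", "pin-backup"}   # placeholder pin identifiers


class UserAgent:
    def __init__(self):
        # host -> (pins, include_subdomains); filled from enforcing PKP only
        self.noted = {}

    def _noted_policy(self, host):
        """Return the noted pin set that covers host, or None."""
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.noted.get(".".join(labels[i:]))
            # An exact match always applies; a parent match only applies
            # when it was noted with includeSubdomains.
            if entry and (i == 0 or entry[1]):
                return entry[0]
        return None

    def connect(self, host, chain_pins, pkp=None, pkp_ro=None):
        """Simulate one connection. chain_pins is the set of pins present in
        the validated chain; pkp / pkp_ro are (pins, include_subdomains)
        tuples taken from the response headers, or None if absent.
        Returns (outcome, hosts_reported)."""
        reports = []
        policy = self._noted_policy(host)
        if policy is not None and not (policy & chain_pins):
            return "blocked", reports        # Pin Validation failure
        if pkp_ro is not None and not (pkp_ro[0] & chain_pins):
            reports.append(host)             # covers this response only
        if pkp is not None and (pkp[0] & chain_pins):
            self.noted[host] = pkp           # affects later connections
        return "ok", reports


def rollout(header):
    """Visit example.com, which sends `header` with includeSubdomains, then
    api.example.com, which uses a different key and never sends the header."""
    ua = UserAgent()
    first = ua.connect("example.com", {"pin-A"}, **{header: (SITE_PINS, True)})
    second = ua.connect("api.example.com", {"pin-X"})
    return first, second


if __name__ == "__main__":
    print("PKP-RO:", rollout("pkp_ro"))
    print("PKP:   ", rollout("pkp"))
```

Under PKP-RO the subdomain connection succeeds and no report is produced, so the trial gives no signal about the host that would break once the same policy is enforced.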
