On Thu, Sep 4, 2014 at 5:06 PM, Ryan Sleevi <[email protected]> wrote: > I wish you would have raised this during WGLC, which would have benefited > from the review and discussion now being paid.
I did raise this in response to the February Last Call, and multiple times later. There was some very light discussion which favored storing PKP-RO, the draft was edited in the opposite direction, and it was sent on while we were still discussing (with no additional WGLC). But I agree that we're now having the discussion this issue deserves (and which we never had earlier). > That is, my understanding is that this is a bit like discovering a possible > issue after you've shipped your gold master to 100K stores. I don't see how we've shipped anything to anyone, so I don't see why this is so painful to discuss. But I'm just a random security nerd, the opinions of browsers and websites are what matter here, so I'll defer to those. Trevor _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
