On Wed, Dec 17, 2014 at 11:51:08AM -0800, David Keeler <[email protected]> wrote a message of 47 lines which said:
> Section 11.3 is about when the user agent connects to a host that it > previously noted as using HSTS. OK, so a example case with section 11.3 could be a server publishing a HSTS header while it has a recognized certificate and then later switching to a self-signed certificate. In that case, access would be denied. Am I correct? _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
