On 12/17/2014 03:38 PM, Stephane Bortzmeyer wrote:
> On Wed, Dec 17, 2014 at 11:51:08AM -0800,
>  David Keeler <[email protected]> wrote 
>  a message of 47 lines which said:
> 
>> Section 11.3 is about when the user agent connects to a host that it
>> previously noted as using HSTS.
> 
> OK, so an example case with section 11.3 could be a server publishing an
> HSTS header while it has a recognized certificate and then later
> switching to a self-signed certificate. In that case, access would be
> denied. Am I correct?

Yes, this is a known consequence of using HSTS.

        --dkg

_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
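
The case confirmed in the exchange above, as an added example that is not part of the original thread: a simplified JavaScript model of how a user agent notes an HSTS host over an error-free TLS connection and later refuses that host when certificate validation fails. The `HstsStore` class, its method names, the `certOk` flag and the host names in use are assumptions made for illustration.

```javascript
// Simplified model of a user agent's HSTS handling (added example; names are hypothetical).
class HstsStore {
  constructor() { this.hosts = new Map(); } // host -> { expires, includeSubDomains }

  // Parse a Strict-Transport-Security header value; returns null if max-age is missing.
  static parse(header) {
    let maxAge = null, includeSubDomains = false;
    for (const part of header.split(";")) {
      const [name, value] = part.trim().split("=");
      if (name.toLowerCase() === "max-age" && value !== undefined) {
        maxAge = parseInt(value.replace(/"/g, ""), 10);
      } else if (name.toLowerCase() === "includesubdomains") {
        includeSubDomains = true;
      }
    }
    return Number.isInteger(maxAge) && maxAge >= 0 ? { maxAge, includeSubDomains } : null;
  }

  // Is this host (or a parent with includeSubDomains) a known, unexpired HSTS host?
  isKnown(host, now) {
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join("."));
      if (entry && entry.expires > now && (i === 0 || entry.includeSubDomains)) return true;
    }
    return false;
  }

  // Decide the outcome of one HTTPS connection attempt.
  // certOk: result of the UA's normal certificate validation (assumed input).
  connect(host, certOk, stsHeader, now) {
    if (!certOk) {
      // Known HSTS host with a TLS error: hard failure, no click-through.
      // Unknown host: ordinary warning; any STS header is ignored.
      return this.isKnown(host, now) ? "blocked" : "warning";
    }
    const policy = stsHeader ? HstsStore.parse(stsHeader) : null;
    if (policy) {
      if (policy.maxAge === 0) this.hosts.delete(host.toLowerCase());
      else this.hosts.set(host.toLowerCase(), {
        expires: now + policy.maxAge * 1000,
        includeSubDomains: policy.includeSubDomains,
      });
    }
    return "ok";
  }
}
```

A server that starts out with a self-signed certificate never becomes a known HSTS host in this model, because the header is only honoured on a connection without certificate errors; the denial only appears after a valid certificate was seen first and the policy has not yet expired.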
