http://tools.ietf.org/html/draft-hallambaker-webseccaa-00
It is a pretty straightforward proposal:

* Use the CAA record with either the hsts or hpkp tag
* Put the same text you would have put into the CAA record value field

There are a few differences in interpretation. All we are trying to do here is to help people to close the 'secure after first use' hole, not replace.

Given that we have quite a bit of use of HSTS headers, providing a mechanism for publishing this in the DNS looks like being the obvious approach.

_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
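How a client might read the policy described in the message above, as an added example that is not part of the original post or of the draft. It assumes the standard CAA RDATA layout from RFC 6844 and the Strict-Transport-Security directive syntax from RFC 6797 as the value text; the function names are hypothetical, the sample RRset is constructed, and rejecting an RRset with more than one `hsts` property is a choice made for this example.

```python
import re

def parse_caa_rdata(rdata: bytes):
    """Split CAA RDATA (RFC 6844): flags(1) | tag length(1) | tag | value."""
    if len(rdata) < 2:
        raise ValueError("CAA RDATA too short")
    flags, tag_len = rdata[0], rdata[1]
    if tag_len == 0 or len(rdata) < 2 + tag_len:
        raise ValueError("bad CAA tag length")
    tag = rdata[2:2 + tag_len].decode("ascii")
    if not tag.isalnum():
        raise ValueError("CAA tag must be alphanumeric")
    return flags, tag.lower(), rdata[2 + tag_len:].decode("ascii")

def parse_hsts(value: str):
    """Parse Strict-Transport-Security directive text (RFC 6797 syntax)."""
    policy, seen = {"max_age": None, "include_subdomains": False}, set()
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, sep, arg = part.partition("=")
        name = name.strip().lower()
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not re.fullmatch(r"[0-9]+", arg):
                raise ValueError("max-age must be a non-negative integer")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            if sep:
                raise ValueError("includeSubDomains takes no value")
            policy["include_subdomains"] = True
        # Unknown directives are ignored, as RFC 6797 requires.
    if policy["max_age"] is None:
        raise ValueError("max-age is required")
    return policy

def hsts_from_caa(rdatas):
    """Return the HSTS policy from a CAA RRset, or None if no hsts tag."""
    values = [v for _, tag, v in map(parse_caa_rdata, rdatas) if tag == "hsts"]
    if len(values) > 1:  # assumption of this example: ambiguous RRset is an error
        raise ValueError("multiple hsts properties")
    return parse_hsts(values[0]) if values else None

# Constructed sample RRset: one ordinary issue property, one hsts property.
SAMPLE = [b"\x00\x05issue" + b"ca.example.net",
          b"\x00\x04hsts" + b"max-age=31536000; includeSubDomains"]

if __name__ == "__main__":
    print(hsts_from_caa(SAMPLE))
```

A policy read this way only closes the first-use gap if the DNS answer itself is authenticated, since unsigned responses can be altered or stripped in transit just as an HTTP header can.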
