Re: [websec] #52: Clarification of section 2.3.1
#52: Clarification of section 2.3.1 Changes (by y...@checkpoint.com): * status: assigned = closed * resolution: = fixed Comment: Solved in -04 -- -+ Reporter: Tom Ritter | Owner: pal...@google.com Type: defect | Status: closed Priority: major| Milestone: Component: key-pinning | Version: Severity: -| Resolution: fixed Keywords: | -+ Ticket URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/52#comment:2 websec http://tools.ietf.org/websec/ ___ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec
Re: [websec] #52: Clarification of section 2.3.1
#52: Clarification of section 2.3.1 Changes (by palmer@…): * owner: draft-ietf-websec-key-pinning@… = palmer@… * status: new = assigned -- -+--- Reporter: Tom Ritter | Owner: palmer@… Type: defect | Status: assigned Priority: major| Milestone: Component: key-pinning | Version: Severity: -| Resolution: Keywords: | -+--- Ticket URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/52#comment:1 websec http://tools.ietf.org/websec/ ___ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec
[websec] #52: Clarification of section 2.3.1
#52: Clarification of section 2.3.1 I'd suggest the following change to 2.3.1, clarifying it's required-ness and a max-age of 0. 2.3.1. max-age max-age specifies the number of seconds, after the reception of the Public-Key-Pins HTTP Response Header, during which the UA regards the host as a Pinned Host. The delta-seconds production is specified in [rfc-2616]. max-age is a required attribute. If omitted, the UA MUST NOT note the host as a Pinned Host, and MUST discard any previously set Pinning Metadata for that host in its non-volatile store. If max-age is set to 0, the UA MUST likewise discard any previsouly set Pinning Metadata. -- -+- Reporter: Tom Ritter | Owner: draft-ietf-websec-key-pinning@… Type: defect | Status: new Priority: major| Milestone: Component: key-pinning |Version: Severity: -| Keywords: -+- Ticket URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/52 websec http://tools.ietf.org/websec/ ___ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec