On 2011-11-09 01:31, Tom Ritter wrote:
My notes:
I believe the BNF (pseudo-BNF?) is incorrect:
Public-Key-Pins = Public-Key-Pins : LWS directives
directives = max-age LWS ; LWS fingerprints
/ fingerprints LWS ; LWS max-age
max-age = max-age LWS =
On Tue, Nov 8, 2011 at 7:48 PM, Steingruebl, Andy
asteingru...@paypal-inc.com wrote:
-Original Message-
From: Chris Palmer
- There is no directive or suggestion to User Agents about saving or
not saving pins received in a private browsing mode. Maybe there
shouldn't be, but if a
-Original Message-
From: Adam Barth [mailto:i...@adambarth.com]
We battled this problem with HSTS as well. I think what Mozilla settled on
(and I don't remember the Chrome solution) is to use a different storage
mechanism when HSTS is *set* during private browsing mode, and clear
On Wed, Nov 9, 2011 at 8:38 AM, Steingruebl, Andy
asteingru...@paypal-inc.com wrote:
-Original Message-
From: Adam Barth [mailto:i...@adambarth.com]
We battled this problem with HSTS as well. I think what Mozilla settled on
(and I don't remember the Chrome solution) is to use a
On 10/25/11 12:42 AM, Tobias Gondrom wrote:
On 25/10/11 07:30, Martin J. Dürst wrote:
On 2011/10/25 11:34, Anne van Kesteren wrote:
On Tue, 25 Oct 2011 10:43:25 +0900, Martin J. Dürst
due...@it.aoyama.ac.jp wrote:
But who is at fault is not what we are interested in here I think. We
are
On Wed, Nov 9, 2011 at 12:34 AM, Julian Reschke julian.resc...@gmx.de wrote:
http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-17.html#rfc.section.3.1
So decide whether you want to allow multiple header fields (in which case
you should use the ABNF list notation used in
On 2011-11-09 21:09, Chris Palmer wrote:
On Wed, Nov 9, 2011 at 12:34 AM, Julian Reschkejulian.resc...@gmx.de wrote:
http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-17.html#rfc.section.3.1
So decide whether you want to allow multiple header fields (in which case
you should