Re: [websec] mimesniff feedback, part 2

2011-11-29 Thread Peter Saint-Andre
On 11/27/11 10:24 AM, Larry Masinter wrote: >> Depending on how the working group resolves some of the issues it is >> considering, the draft will need to be substantially re-written. For >> example, if we >> decide to use an IANA registry (as seems likely) all of the text that Philip >> comme

[websec] I-D Action: draft-ietf-websec-key-pinning-00.txt

2011-11-29 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Security Working Group of the IETF. Title : Public Key Pinning Extension for HTTP Author(s) : Chris Evans Chris Palmer

[websec] Comments on draft-ietf-websec-key-pinning-00

2011-11-29 Thread Manger, James H
Comments on draft-ietf-websec-key-pinning-00: First, nice work. §2.3 "Noting Pins" 2nd-last paragraph: If the Public-Key-Pins response header field does not meet all three of these criteria [error-free TLS; current key; backup pin], the UA MUST NOT note the host as a Pinned Host, and MUS