Re: [websec] Test of XHR in HTML mail

2011-12-13 Thread Gervase Markham
On 12/12/11 20:07, Richard L. Barnes wrote: > In fact, it doesn't look like they're even processing the onload > handler for the element (except for Gmail). That black line > you see is a collapsed , and it should be hidden on load. Maybe > MUAs just aren't supporting Javascript? --Richard It's

[websec] X-Requested-With header field

2011-12-13 Thread Julian Reschke
Hi, it seems this header field is widely implemented. Is it here to stay? If so, shouldn't it be documented somewhere? Best regards, Julian ___ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec

Re: [websec] Key pinning for DSA keys with inherited domain params

2011-12-13 Thread Phillip Hallam-Baker
DSA is unlikely to be widespread enough to cause problems. But I cannot be confident that the same problem is not going to appear with ECC parameters. (sorry for the double negative). I don't like a solution for pinning that depends on the CA delivering the 'right' sort of cert. I would prefer t

Re: [websec] Key pinning for DSA keys with inherited domain params

2011-12-13 Thread Adam Langley
On Tue, Dec 13, 2011 at 7:56 AM, Phillip Hallam-Baker wrote: > I don't like a solution for pinning that depends on the CA delivering the > 'right' sort of cert. I would prefer to add in a second hash over the > parameter values or specify them explicitly in the pin or to have the hash > be over wh

Re: [websec] X-Requested-With header field

2011-12-13 Thread Peter Saint-Andre
On 12/13/11 3:24 AM, Julian Reschke wrote: > it seems this header field is widely implemented. Is it here to stay? If > so, shouldn't it be documented somewhere? +1, even if it does start with that ugly "X-" string. :)

Re: [websec] X-Requested-With header field

2011-12-13 Thread Tobias Gondrom
Maybe two questions: 1. any volunteers to write this up? 2. is there a coherent documentation of expected use of the header? I looked a bit, but didn't find a good one. Best regards, Tobias On 13/12/11 15:40, Peter Saint-Andre wrote: On 12/13/11 3:24 AM, Julian Reschke wrote: it seems this