[websec] Review of draft-ietf-websec-strict-transport-sec-06.txt

2012-04-04 Alexey Melnikov
Hi,

Below is my WGLC review of the draft:

6.1. Strict-Transport-Security HTTP Response Header Field

The Strict-Transport-Security HTTP response header field (STS header field) indicates to a UA that it MUST enforce the HSTS Policy in regards to the host emitting the response message

[websec] Showing errors in HSTS

2012-04-04 Paul Hoffman
On Apr 3, 2012, at 1:27 PM, Alexey Melnikov wrote:

8.3. Errors in Secure Transport Establishment

When connecting to a Known HSTS Host, the UA MUST terminate the connection (see also Section 11 User Agent Implementation Advice, below) if there are any errors (e.g., certificate