On 12/17/2014 03:38 PM, Stephane Bortzmeyer wrote:
> On Wed, Dec 17, 2014 at 11:51:08AM -0800,
> David Keeler wrote
> a message of 47 lines which said:
>
>> Section 11.3 is about when the user agent connects to a host that it
>> previously noted as using HSTS.
>
> OK, so an example case with s
On Wed, Dec 17, 2014 at 11:51:08AM -0800,
David Keeler wrote
a message of 47 lines which said:
> Section 11.3 is about when the user agent connects to a host that it
> previously noted as using HSTS.
OK, so an example case with section 11.3 could be a server publishing an
HSTS header while it h
Hi Stephane,
Here's how I look at it:
Section 8.1 is about a user agent noting a new HSTS host. If the
connection had an underlying error (e.g. self-signed cert), the user
agent will not note that host as using HSTS.
Section 11.3 is about when the user agent connects to a host that it
previously
[I'm not subscribed to the websec working group so please copy me when
replying.]
I don't know how to read section 11.3 of RFC 6797. It says "If all
four of the following conditions are true... [self-signed
certificates...] ...then secure connections to that site will fail,
per the HSTS design."
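
The distinction drawn in this thread between Section 8.1 (noting a new HSTS host) and Section 11.3 (connecting to a host previously noted as using HSTS), sketched as a toy user-agent model. This is an added example, not part of any message in the thread; the class name, method names, return strings and the host `example.test` are hypothetical.

```javascript
// Added example: toy user-agent model. HstsStore, its methods and the
// return strings are hypothetical names, not taken from RFC 6797 or a browser.
class HstsStore {
  constructor() { this.hosts = new Map(); } // host -> { expires, includeSubDomains }

  // Parse a Strict-Transport-Security value; null when max-age is missing or invalid.
  static parse(value) {
    let maxAge = null, includeSubDomains = false;
    for (const part of value.split(";")) {
      const [name, raw = ""] = part.trim().split("=");
      const key = name.toLowerCase(), arg = raw.trim().replace(/"/g, "");
      if (key === "max-age" && /^\d+$/.test(arg)) maxAge = Number(arg);
      else if (key === "includesubdomains") includeSubDomains = true;
    }
    return maxAge === null ? null : { maxAge, includeSubDomains };
  }

  // True when host, or a parent domain with includeSubDomains, is noted and unexpired.
  isKnown(host, now) {
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join("."));
      if (entry && entry.expires > now && (i === 0 || entry.includeSubDomains)) return true;
    }
    return false;
  }

  // One HTTPS connection attempt. tlsErrors lists problems such as "self-signed".
  connect(host, tlsErrors, stsHeader, now) {
    if (tlsErrors.length > 0) {
      // Previously noted host: the connection fails. Unknown host: the header
      // is not processed, so the host is not noted as using HSTS.
      return this.isKnown(host, now) ? "fail" : "not-noted";
    }
    const policy = stsHeader ? HstsStore.parse(stsHeader) : null;
    if (policy && policy.maxAge === 0) this.hosts.delete(host.toLowerCase());
    else if (policy) {
      this.hosts.set(host.toLowerCase(), {
        expires: now + policy.maxAge * 1000, // now is in milliseconds
        includeSubDomains: policy.includeSubDomains,
      });
    }
    return "ok";
  }
}
// Constructed sequence: error on first contact, a clean visit, then an error again.
const demo = new HstsStore(), hdr = "max-age=31536000";
console.log([["self-signed"], [], ["self-signed"]].map((e) => demo.connect("example.test", e, hdr, 0)));
```

The same self-signed certificate produces two different outcomes depending only on whether an earlier error-free connection caused the host to be noted.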