#54: Specify a report-only mode
Changes (by pal...@google.com):
* status: assigned => closed
* resolution: => fixed
Comment:
Draft -08 specifies a report-uri directive and a JSON format to be POSTed
to the given URI.
--
---+
On Fri, Oct 19, 2012 at 8:56 AM, Tom Ritter wrote:
> It hurts me to say so, because it's going to be more work and
> complication and delay - but I agree a reporting system should be
> added.
:)
>>> {
>>>"pin-validation-succeeded": (true|false),
>>>"expected-pins": [ "sha1/blahblah", "
On Fri, October 19, 2012 8:56 am, Tom Ritter wrote:
> > - Should the report URI be allowed to specify HTTPS?
>
> Yes. This is potentially sensitive information, and we would like it
> to be protected in transit.
>
> > - If the report URI specifies HTTPS, and the report URI origin is the
> >
>> On Thu, Oct 18, 2012 at 4:56 PM, websec issue tracker
>> What are people's thoughts on this?
It hurts me to say so, because it's going to be more work and
complication and delay - but I agree a reporting system should be
added.
>> The reporting interface must be one that is easy for site op
On Thu, October 18, 2012 5:17 pm, Chris Palmer wrote:
> On Thu, Oct 18, 2012 at 4:56 PM, websec issue tracker
> wrote:
>
> > #54: Specify a report-only mode
> >
> > Should there be a "report-only" mode, allowing site operators to see
> > how
> > using HPKP would affect their site's operation i
On Thu, Oct 18, 2012 at 4:56 PM, websec issue tracker
wrote:
> #54: Specify a report-only mode
>
> Should there be a "report-only" mode, allowing site operators to see how
> using HPKP would affect their site's operation in browsers supporting
> HPKP? (Probably.)
>
> If so, specify how that m
#54: Specify a report-only mode
Changes (by palmer@…):
* status: new => assigned
--
-+---
Reporter: palmer@… | Owner: palmer@…
Type: defect | Status: assigned
Priority: major| Milestone:
Component: key-pi
#54: Specify a report-only mode
Should there be a "report-only" mode, allowing site operators to see how
using HPKP would affect their site's operation in browsers supporting
HPKP? (Probably.)
If so, specify how that mode would work.
--
-+--
Repo