> Maybe this suggests that any S-link should embed a backup pin as well, > and that an S-link-compatible user agent should require the backup pin > to be present. >
Naturally, a search-engine would copy all of the observed HPKP pins, including the "backup" pins, which anyways aren't marked or treated different from any other pins. > Thinking about this stuff makes me worry that we're heading down a path > of making a particularly ephemeral variant of a URL, though; and > ephemerality violates some long-standing guiding principles behind URLs, > e.g. http://www.w3.org/Provider/Style/URI This is why I think HTML attributes are the right place for security directives and not URLs themselves (a la the YURLs proposal). S-links doesn't change URL syntax at all. Most hyperlinks on the web are already quite ephemeral...
_______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey