On 02/14/2013 02:45 PM, Joseph Bonneau wrote: > Naturally, a search-engine would copy all of the observed HPKP pins, > including the "backup" pins, which anyways aren't marked or treated > different from any other pins.
https://tools.ietf.org/html/draft-ietf-websec-key-pinning-04#section-4.1 says that compliant user agents "MUST require that hosts set a Backup Pin." What do you think about adopting comparably-strong language in the S-links proposal? > Most hyperlinks on the web are already quite ephemeral... i know. it's sad :( --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey