On Thu, Feb 14, 2013 at 2:50 PM, Daniel Kahn Gillmor <d...@fifthhorseman.net>wrote: > > https://tools.ietf.org/html/draft-ietf-websec-key-pinning-04#section-4.1 > says that compliant user agents "MUST require that hosts set a Backup > Pin." What do you think about adopting comparably-strong language in > the S-links proposal?
Certainly possible to add, but I'm not convinced it's necessary. This hedges against sites shooting themselves in the foot, the potential damage from bad s-links seems lower to me.
_______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey