On 25 October 2017 at 19:16, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
> - It is not the client that has enhanced security requirements,
>   rather it is the recipient domain that is politely requesting
>   enhanced security, and the client that supports STS is typically
>   willing to oblige the server.

I'd say that the recipient domain is actually making a contract that it guarantees to continue to provide the possibility of enhanced security. A client that enforces STS will enforce that contract. By providing this guarantee clients are able to enforce a stronger security assurance since they know that the server will do its part. So I'd say your characterisation has things backwards.

Regards

Rich.
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta