On Tue, Sep 13, 2011 at 7:04 AM, Philip Gladstone <pglad...@cisco.com> wrote:
[ snip questions about revocation — I'm trying to think about and clarify that stuff next ]

> Does this proposal also support self-signed certificates? I.e. if you
> connect to a site, accept the self-signed certificate, can that site then
> pin itself using that self-signed cert? I.e. can the validation of the cert
> chain stop as soon as there is a pin match?

This specification is agnostic on that issue. If your client lets you accept self-signed certificates, then there's no reason it can't also note it as a Known Pinned HSTS Host pinned to your self-signed public key.

_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec