>>   The max-age directive MUST appear once in the Strict-Transport-Security
>>   header field value. The includeSubDomains directive MAY appear once.
>>   The order of appearance of directives in the Strict-Transport-Security
>>   header field value is not significant.
>>   Additional directives extending the semantic functionality of
>>   the Strict-Transport-Security header field may be defined in other
> MAY or might ?

Yes, a good question.

I believe that there are examples in other RFCs of the use of the lower-case "may" in situations similar to this (I've seen it discussed many times over the years). I.e., not all instances of "may" in any given RFC are capitalized "MAY"s. In this case, "MAY" isn't appropriate IIRC.

And yes, a way to avoid that question/issue is to use a different word such as "might" or "can", which I can do. I just thought a "may" has more correct connotations (but I /knew/ it'd come up as a question :)



websec mailing list
