On Thu, Aug 9, 2012 at 3:09 PM, =JeffH <jeff.hod...@kingsmountain.com> wrote:
> The only extensions we'd discussed in the past were the CertPinning, LockCA, > LockEV. We've decided that cert pinning is an intersecting but orthogonal > policy to HSTS, and thus best handled at this point via a separate header > field. > Also, the various LockFoo notions should be addressed in a cert pinning > policy > context (i mentioned this in the WG session at IETF-82 Taipei). Please forgive my ignorance, but do LockCA and/or LockEV offer any functionality that you can't already get with public key pinning as currently specified? You can pin to a given CA's public key(s), and you can pin to any given EV issuers' public keys. _______________________________________________ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec