On 14/08/12 08:12, Yoav Nir wrote:
Right.
As a reminder, the proposed resolution is as follows:
* Do not establish a registry now
Let the first new header field specification establish it
* A client that gets an unknown field ignores it
This means no mandatory-to-understand extensions
At this stage, a +1 response is OK though not necessary (we got plenty of those
in the room), but any disagreement should come with an explanation.
<hat="individual">
+1. ;-)
Ps.: and thanks to Yoav for framing the topic.
Thanks
Yoav
================================================================
From: websec-boun...@ietf.org [mailto:websec-boun...@ietf.org] On Behalf Of
Barry Leiba
Sent: Tuesday, August 14, 2012 7:14 AM
To: IETF WebSec WG
Subject: Re: [websec] handling STS header field extendability
Please forgive my ignorance, but do LockCA and/or LockEV offer any
functionality that you can't already get with public key pinning as
currently specified?
Folks, this thread has rather been hijacked. We need to have some WG input
on what registration policy to recommend for a possible future STS header field
registry. That's what this thread is for, and I need to see some WG discussion
about it in order that Jeff may finish the document and that I may move it
forward.
Please take discussion of LockCA and LockEV to another thread.
Thanks,
Barry
_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec
_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec