Any thoughts on this text?

On Fri, Oct 19, 2012 at 2:33 PM, websec issue tracker
<trac+web...@trac.tools.ietf.org> wrote:
> #55: Clarify that the newest pinning information takes precedence
>
>  In section "Interactions With Preloaded Pin Lists", we need to specify
>  that the newest information, even "stop pinning", must take precedence. I
>  propose this text:
>
>  UAs MUST use the newest information — built-in or set via Valid Pinning
>  Header — when performing Pin Validation for the host. If the result of
>  noting a Valid Pinning Header is to disable pinning for the host (such as
>  because the host set a max-age directive with a value of 0), UAs MUST
>  allow this new information to override any built-in pins. That is, a host
>  must be able to un-pin itself even from built-in pins.
_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec
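
A sketch of the precedence rule proposed in the quoted ticket, added here as an illustration; it is not code from the draft, the ticket, or any UA. The names `PinInfo` and `PinStore`, the timestamp on built-in entries, and the handling of expired noted pins are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PinInfo:
    pins: frozenset                    # empty set records "pinning disabled"
    noted_at: int                      # when this information was established
    expires_at: Optional[int] = None   # None for built-in entries and un-pin records

class PinStore:
    def __init__(self, builtin):
        self.builtin = dict(builtin)   # host -> PinInfo shipped with the UA
        self.noted = {}                # host -> PinInfo from Valid Pinning Headers

    def note_header(self, host, pins, max_age, now):
        if max_age == 0:
            # Keep an explicit un-pin record rather than deleting the entry;
            # otherwise the older built-in pins would silently apply again.
            self.noted[host] = PinInfo(frozenset(), now)
        else:
            self.noted[host] = PinInfo(frozenset(pins), now, now + max_age)

    def effective_pins(self, host, now):
        """Return the pin set to validate against, or None if the host is not pinned."""
        candidates = [self.builtin.get(host)]
        noted = self.noted.get(host)
        # Assumption: a noted entry whose max-age has elapsed is ignored.
        if noted and (noted.expires_at is None or now < noted.expires_at):
            candidates.append(noted)
        candidates = [c for c in candidates if c is not None]
        if not candidates:
            return None
        newest = max(candidates, key=lambda c: c.noted_at)
        return newest.pins or None     # newest info wins, including "stop pinning"

def demo():
    host = "example.test"              # constructed host and pin labels
    store = PinStore({host: PinInfo(frozenset({"pin-builtin"}), noted_at=1000)})
    before = store.effective_pins(host, now=1500)
    store.note_header(host, pins=(), max_age=0, now=2000)
    after_unpin = store.effective_pins(host, now=2500)
    # A later UA update ships a newer built-in entry, which is now the newest.
    store.builtin[host] = PinInfo(frozenset({"pin-builtin-v2"}), noted_at=3000)
    after_update = store.effective_pins(host, now=3500)
    return before, after_unpin, after_update

if __name__ == "__main__":
    print(demo())
```

The un-pin record has to outlive the header that created it: if the UA simply deleted the noted entry on max-age=0, the older built-in pins would become the only information for the host and apply again.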
