On 29 November 2013 15:24, Trevor Perrin <tr...@trevp.net> wrote: > * Why is there a "Public-Key-Pins-Report-Only" header instead of a > "report-only" directive? Most of the document is written as if there > was a single "PKP header field", so a directive would make more sense. >
If it becomes a directive, we should be sure that we can still apply two headers, one more loose in enforcing mode, one stricter in report only mode. -tom
_______________________________________________ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec