Re: Working Group Last Call for draft-ietf-httpbis-expect-ct-05 from Emily Stark on 2018-07-01 (ietf-http-wg@w3.org from July to September 2018)

From: Emily Stark <estark@google.com>
Date: Sat, 30 Jun 2018 18:42:54 -0700
To: alessandro@ghedini.me
Cc: ryan-ietf@sleevi.com, Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, httpbis <ietf-http-wg@w3.org>, Patrick McManus <mcmanus@ducksong.com>
Message-ID: <CAPP_2SbCZu0wpas6Tt05=pk0pjn1Gb_TwTAqa099ONGpJ36qiQ@mail.gmail.com>

On Mon, Jun 11, 2018 at 5:10 PM Alessandro Ghedini <alessandro@ghedini.me>
wrote:

> On Mon, Jun 11, 2018 at 03:40:20PM -0700, Emily Stark wrote:
> > I'm not quite sure what to do about IP certificates. I value consistency
> > with HSTS/HPKP and I'm not sure it makes sense to allow IP certificates
> for
> > Expect-CT for hypothetical use cases at the cost of diverging from
> > HSTS/HPKP.
>
> FWIW, https://1.1.1.1 and friends (1.0.0.1 and IPv6 variants) send both
> HSTS
> and Expect-CT (mostly as a side-effect of going through the Cloudflare
> CDN). I
> realize it's not exactly a common use case, but it's also not hypothetical
> :)
>

Ah, interesting. Ok, it seems reasonable to me to drop that restriction if
there are actual users, so I've done so in
https://github.com/httpwg/http-extensions/commit/cdcf9ccbcc7583ab41b5f1680770b761ff6b49f0
.

>
> Cheers
>

Received on Sunday, 1 July 2018 01:43:29 UTC