- From: Bil Corry <bil@corry.biz>
- Date: Tue, 10 Nov 2009 19:40:26 -0800
- To: Gervase Markham <gerv@mozilla.org>
- CC: public-webapps@w3.org
Gervase Markham wrote on 10/01/2009 5:51 PM: > I therefore propose a simple extension to the STS standard; a single > token to be appended to the end of the header: > > lockCA One idea to consider, especially for lockCA, is to somehow denote that STS should expire at the same time as the cert, perhaps by omitting max-age or allowing max-age=cert, etc. This will prevent accidentally causing STS to last longer or shorter than the cert expiration, especially when it's rotated out or revoked. - Bil
Received on Wednesday, 11 November 2009 03:40:59 UTC