W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

Re: STS and lockCA

From: Bil Corry <bil@corry.biz>
Date: Tue, 10 Nov 2009 19:40:26 -0800
Message-ID: <4AFA322A.5030700@corry.biz>
To: Gervase Markham <gerv@mozilla.org>
CC: public-webapps@w3.org
Gervase Markham wrote on 10/01/2009 5:51 PM:
> I therefore propose a simple extension to the STS standard; a single
> token to be appended to the end of the header:
> lockCA

One idea to consider, especially for lockCA, is to somehow denote that STS should expire at the same time as the cert, perhaps by omitting max-age or allowing max-age=cert, etc.  This will prevent accidentally causing STS to last longer or shorter than the cert expiration, especially when it's rotated out or revoked.

- Bil
Received on Wednesday, 11 November 2009 03:40:59 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:20 UTC