On 11/11/09 08:57, Adam Barth wrote: > Why do we need a browser mechanism for that? It seems like the site > can easily compute whatever max-age value it wishes to set. Not to mention the fact that you normally don't actually want the LockCA to expire at exactly the same time as the cert, because you don't normally change certs over the second they expire! One would hope to be safely on the new cert a week or two before the expiry of the old one - at which point, the seeminly-simple "expire when cert expires" setting comes back to bite you. GervReceived on Wednesday, 11 November 2009 14:29:32 GMT
This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:35 GMT