On May 21, 2014 8:25 PM, "William Chan (陈智昌)" <willchan@chromium.org> wrote: > I don't feel very strongly, but I am not sure where the times for the operational considerations are coming from. IIRC, HSTS and HPKP use much longer max-ages. Why does this draft suggest capping at 1 month? That was a temporary value that never got fixed up. Mainly because I don't think that HSTS actually has a recommendation, and that is a closer fit than HPKP. HPKP suggests 60 days, so maybe a slightly longer value, say 90, is appropriate. I'm happy to take suggestions. I'm sure that folks have plenty of paint for this.
Received on Thursday, 22 May 2014 10:37:27 UTC