- From: Alessandro Ghedini <alessandro@ghedini.me>
- Date: Tue, 12 Jun 2018 01:10:44 +0100
- To: Emily Stark <estark@google.com>
- Cc: ryan-ietf@sleevi.com, Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, httpbis <ietf-http-wg@w3.org>, Patrick McManus <mcmanus@ducksong.com>
On Mon, Jun 11, 2018 at 03:40:20PM -0700, Emily Stark wrote: > I'm not quite sure what to do about IP certificates. I value consistency > with HSTS/HPKP and I'm not sure it makes sense to allow IP certificates for > Expect-CT for hypothetical use cases at the cost of diverging from > HSTS/HPKP. FWIW, https://1.1.1.1 and friends (1.0.0.1 and IPv6 variants) send both HSTS and Expect-CT (mostly as a side-effect of going through the Cloudflare CDN). I realize it's not exactly a common use case, but it's also not hypothetical :) Cheers
Received on Tuesday, 12 June 2018 00:11:13 UTC