W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2018

Re: Working Group Last Call for draft-ietf-httpbis-expect-ct-05

From: Alessandro Ghedini <alessandro@ghedini.me>
Date: Tue, 12 Jun 2018 01:10:44 +0100
To: Emily Stark <estark@google.com>
Cc: ryan-ietf@sleevi.com, Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, httpbis <ietf-http-wg@w3.org>, Patrick McManus <mcmanus@ducksong.com>
Message-ID: <20180612001044.GA8711@pinky> 
On Mon, Jun 11, 2018 at 03:40:20PM -0700, Emily Stark wrote:
> I'm not quite sure what to do about IP certificates. I value consistency
> with HSTS/HPKP and I'm not sure it makes sense to allow IP certificates for
> Expect-CT for hypothetical use cases at the cost of diverging from
> HSTS/HPKP.

FWIW, https://1.1.1.1 and friends (1.0.0.1 and IPv6 variants) send both HSTS
and Expect-CT (mostly as a side-effect of going through the Cloudflare CDN). I
realize it's not exactly a common use case, but it's also not hypothetical :)

Cheers
Received on Tuesday, 12 June 2018 00:11:13 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:59 UTC