- From: Henrik Nordström <henrik@henriknordstrom.net>
- Date: Tue, 18 May 2010 01:30:42 +0200
- To: Michal Zalewski <lcamtuf@coredump.cx>
- Cc: "public-web-security@w3.org" <public-web-security@w3.org>
Mon 2010-05-17 at 16:17 -0700, Michal Zalewski wrote:

> >> This would make it difficult to enroll (requiring changing all certs).
> > Which is something you do anyway fairly frequently (every year or so)
>
> ...compared to the ability to toggle a HTTP header in a couple
> minutes, for free (and roll back if things go wrong).

Which imho is too easy. Once enabled it should not be too easy to disable without clients noticing.

Regards
Henrik
Received on Monday, 17 May 2010 23:31:41 UTC