- From: <sird@rckc.at>
- Date: Mon, 17 May 2010 19:40:40 -0500
- To: Henrik Nordström <henrik@henriknordstrom.net>
- Cc: "public-web-security@w3.org" <public-web-security@w3.org>
Received on Tuesday, 18 May 2010 00:41:37 UTC
Henrik, what you are proposing is a solution to a different problem; here we are concerned about webowners wanting their HTTP content to be served only via a secure layer (HTTPS). A change to how DNS/SSL works is not in the scope of STS nor the W3C whatsoever.

-- Eduardo

2010/5/17 Henrik Nordström <henrik@henriknordstrom.net>

> Mon 2010-05-17 at 16:17 -0700, Michal Zalewski wrote:
> > >> This would make it difficult to enroll (requiring changing all certs).
> > > Which is something you do anyway fairly frequently (every year or so)
> >
> > ...compared to the ability to toggle a HTTP header in a couple
> > minutes, for free (and roll back if things go wrong).
>
> Which imho is too easy. Once enabled it should not be too easy to
> disable without clients noticing.
>
> Regards
> Henrik