- From: Steingruebl, Andy <asteingruebl@paypal.com>
- Date: Tue, 18 May 2010 07:01:06 -0600
- To: Henrik Nordström <henrik@henriknordstrom.net>, "sird@rckc.at" <sird@rckc.at>
- CC: "public-web-security@w3.org" <public-web-security@w3.org>
> -----Original Message----- > From: public-web-security-request@w3.org [mailto:public-web-security- > request@w3.org] On Behalf Of Henrik Nordström > Sent: Tuesday, May 18, 2010 3:55 AM > Subject: Re: VeriSign feedback/comments on STS -06 > > mån 2010-05-17 klockan 19:40 -0500 skrev sird@rckc.at: > > Henrik, what you are proposing is a solution to a different problem, > > here we are concerned about webowners wanting their HTTP content to > be > > served only via a secure layer (HTTPS). > > I disagree that the problem is different. When looking at problems like this > you need to look at the effect of the problem on the whole stack, not blindly > look at only one spot. For reference, a previous spec presented for DNS storage of this information can be found here: http://lists.w3.org/Archives/Public/public-wsc-wg/2007Apr/att-0332/http-ssr.html I haven't given it a thorough analysis yet nor have I looked for one either. -- Andy Steingruebl PayPal Information Risk Management
Received on Tuesday, 18 May 2010 13:03:12 UTC