This is a call for consensus to publish the following draft of "CSP
Pinning" as a First Public Working Draft:
https://w3c.github.io/webappsec/specs/csp-pinning/published/2015-02-FPWD.html
This document defines a new HTTP header that allows authors to instruct
user agents to remember ("pin") and enforce a Content Security Policy for a
set of hosts for a period of time.
There's still work to be done, but I believe the document clearly falls
under the group's charter, and is ready for initial publication. Do you
agree? Please send any and all comments to public-webappsec@w3.org. This
CfC will end with our next call, on February 9th, 2015.
--
Mike West <mkwst@google.com>, @mikewest
Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)