HSTS Priming, continued. from Mike West on 2015-11-06 (public-webappsec@w3.org from November 2015)

From: Mike West <mkwst@google.com>
Date: Fri, 6 Nov 2015 15:33:11 +0100
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Richard Barnes <rbarnes@mozilla.com>, Jeff Hodges <jeff.hodges@paypal.com>, Anne van Kesteren <annevk@annevk.nl>, Brad Hill <hillbrad@gmail.com>, Adam Langley <agl@google.com>
Message-ID: <CAKXHy=cqvrdMv_Aat6CjAsJ41taU4Yduz2NC1fbu5FYRaNBM1w@mail.gmail.com>

The discussion at TPAC more or less convinced me that Richard's HSTS
Priming proposal is a good one that we should explore. To that end, I put
together a little bit more detail about what it would mean for Fetch and
etc. so that we have more details to argue about.

I'd appreciate it if you'd take a quick look at
https://mikewest.github.io/hsts-priming/ and give some feedback about those
details (Note: I think the normative changes should end up in Fetch and
HSTS and MIX, but it's easier to discuss a single document than a set of
diffs).

CCing some folks who I think might be particularly interested.

-mike

Received on Friday, 6 November 2015 14:34:01 UTC