On 28/08/14 17:20, Camilo Viecco wrote:
> 1. The PKP-RO header is not really useful, it might help on initial
> deployment of PKP but it cannot really be tested when it really matters
> most when you are actually changing certificates.

Why not? Why would it not be possible to deploy a PKP-RO and then change your certificates?

> 2. Storing more data for websites for no benefit for the user seems like
> a no-go (specially given concerns on mobile) therefore until proved
> wrong the pkp-ro will be done for session only.

Is the amount of data involved expected to be significant in size?

> 3. To simplify development we will initially limit PKP-RO only to the
> current connection. (no initial storage of PKP-RO)

Isn't it simpler for development to treat the headers as identical apart from in the actual display of the error?

Gerv