... It is not always appropriate to let any HTTP resource which can set a header "speak for" the entire origin.
@BRIAN_____ @mnot nobody wants that. One alternative could be to push a policy statement in HTTPS stream or JS w/ "stapled" DNSSEC authority
@hillbrad @BRIAN_____ @mnot I've been hoping someone would do DNSSEC stapled again (after https://www.imperialviolet.org/2011/06/16/dnssecchrome.html … ), something CA-compatible