/2006/WSC/drafts/rec/rewrite.html#sec-tlserrors

The proposal is to change the last paragraph.

Current text:

The requirements in this section do not require user agents to store information about past interactions longer than they otherwise would. Historical TLS information stored for the purposes of evaluating security relevant changes of behavior MAY be expunged from the user agent on the same schedule as other browsing history information. Historical TLS information MUST NOT be expunged prior to other browsing history information. For purposes of this requirement, browsing history information includes visit logs, bookmarks, and information stored in a user agent cache.

Johnathan's proposal:

The requirements in this section do not require user agents to store information about past TLS interactions longer than they otherwise would; they only serve to govern the treatment of that information, if stored. Historical TLS information stored for the purposes of evaluating security relevant changes of behavior MAY be expunged from the user agent on the same schedule as other browsing history information. Historical TLS information MUST NOT be expunged prior to other browsing history information. For purposes of this requirement, browsing history information includes visit logs, bookmarks, and information stored in a user agent cache.

Thomas' proposal:

User agents that support pinning MUST record that a site shows a validated certificate. Historical TLS information stored for the purposes of evaluating security relevant changes of behavior MAY be expunged from the user agent on the same schedule as other browsing history information. Historical TLS information MUST NOT be expunged prior to other browsing history information. For purposes of this requirement, browsing history information includes visit logs, bookmarks, and information stored in a user agent cache.
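
The retention rule that all three versions above share can be enforced at the point where history is cleared. The following is an added example, not text from the draft or from either proposal: it applies the rule per host, and the class, method names, per-host granularity and sample values are assumptions made for illustration.

```javascript
// Added illustration. HistoryStore and its methods are hypothetical names.
// Categories the text counts as "browsing history information".
const HISTORY_KINDS = ["visits", "bookmarks", "cache"];

class HistoryStore {
  constructor() {
    this.records = new Map(); // host -> { visits, bookmarks, cache, tls }
  }

  _entry(host) {
    if (!this.records.has(host)) {
      this.records.set(host, { visits: [], bookmarks: [], cache: [], tls: null });
    }
    return this.records.get(host);
  }

  add(host, kind, item) {
    if (!HISTORY_KINDS.includes(kind)) throw new Error("unknown kind: " + kind);
    this._entry(host)[kind].push(item);
  }

  // Historical TLS information, e.g. that the site showed a validated certificate.
  recordTls(host, info) {
    this._entry(host).tls = info;
  }

  // Expunge the requested kinds for one host. A request to drop "tls" is
  // honoured only when no visit log, bookmark or cache entry for the host
  // survives this operation, so TLS history never goes before the rest.
  expunge(host, kinds) {
    const e = this.records.get(host);
    if (!e) return { removed: [], tlsRetained: false };
    const removed = [];
    for (const k of HISTORY_KINDS) {
      if (kinds.includes(k) && e[k].length > 0) { e[k] = []; removed.push(k); }
    }
    const otherRemains = HISTORY_KINDS.some((k) => e[k].length > 0);
    let tlsRetained = false;
    if (kinds.includes("tls") && e.tls !== null) {
      if (otherRemains) tlsRetained = true;        // MUST NOT expunge early
      else { e.tls = null; removed.push("tls"); }  // MAY expunge on same schedule
    }
    if (!otherRemains && e.tls === null) this.records.delete(host);
    return { removed, tlsRetained };
  }
}
```

A caller that sees `tlsRetained: true` knows the TLS record was kept because other history for that host still exists; clearing the remaining categories together with `"tls"` removes everything in one step.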