> Quick nit/suggestion: ... is there any chance of renaming STS to something > else? Reason is (as you know) STS is used in WSS literature as Security > Token Service. This term has also made it into the OAuth drafts.Well, from an HTTP perspective, "Strict Transport Security" is what made most sense to a number of colleagues when we were discussing names. However, I've been thinking that we should probably qualify the name because it /is/ HTTP-specfic, i.e. "HTTP Strict Transport Security" yielding "HSTS" as an acronym (yes, I'm well aware of the acronym collision you mention).
=JeffH
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.