From cad2f2d2d54478746a62f693e178d2a9b0fa6aa5 Mon Sep 17 00:00:00 2001
From: Jonathan Hodgson <git@jonathanh.co.uk>
Date: Wed, 9 Dec 2020 16:13:39 +0000
Subject: [PATCH] BIN: analyse-headers: Add more notes to expect-ct description

As pointed out by <Dom Ingram>, the expect-ct is likely to become
obsolete in June 2012

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
---
 bin/.bin/webtest/analyse-headers | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/bin/.bin/webtest/analyse-headers b/bin/.bin/webtest/analyse-headers
index b4c0c2c2..35ba5cfd 100755
--- a/bin/.bin/webtest/analyse-headers
+++ b/bin/.bin/webtest/analyse-headers
@@ -313,7 +313,13 @@ to check for potential breakages\n\n"
 	elif ! echo "$value" | grep -q "enforce"; then
 		echo "Expect-CT" | drawInBox
 		wecho "The enforce directive was not found. It can be useful to omit \
-this whilst testing the header, but should be added once testing has finished.\n\n"
+this whilst testing the header, but should be added once testing has finished.
+Without the enforce directive, the browser will not refuse connections that \
+violate the Certificate Transparency policy.
+The Expect-CT will likely become obsolete in June 2021. Since May 2018 new \
+certificates are expected to support SCTs by default. Certificates before \
+March 2018 were allowed to have a lifetime of 39 months, those will all be \
+expired in June 2021.\n\n"
 		return 1
 	fi
 }