[Noisebridge-discuss] some discussion of HSTS and such mentioning Noisebridge

travis+ml-noisebridge at subspacefield.org travis+ml-noisebridge at subspacefield.org
Thu Jan 6 14:11:00 PST 2011


Ah, he made a clarification:

Sorry, should have been more clear.  These are sites which fall prey
to what I talked about in my blog.  Even though they set the STS
header on their main https site many users will never be protected by
TLS if they type in the alternate site (meaning domain.com if the main
site is www.domain.com and www.domain.com if the main site is
domain.com).  The only thing I was trying to point out here was it's
not that simple to get right.

- steve
-- 
Good code works on most inputs; correct code works on all inputs.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
Url : http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20110106/7498f028/attachment.pgp 


More information about the Noisebridge-discuss mailing list