Re: HSTS Misuse from Solarus Lumenor on 2016-05-23 (ietf-http-wg@w3.org from April to June 2016)

From: Solarus Lumenor <solarus@ultrawaves.fr>
Date: Mon, 23 May 2016 11:06:14 +0100
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <19a0a6cfdeac003c5e1c20c3360055ce@ultrawaves.net>

 

Le 2016-05-23 10:49, Solarus Lumenor a écrit : 

> As long as HSTS in DNS is not standardized or implemented, the domain owner does not matters, it's only a server problem.

Sorry for this anwser. 

Assuming that HSTS is activated in the DNS zone, the problem is slightly
the same.
If you activate HSTS in a zone that serve HTTP, then the connexion will
be blocked.

There is no other solution than educate users to best pratices and good
use case. 

Human problems, human solutions. :)
Solarus.

Received on Monday, 23 May 2016 10:06:48 UTC