Re: HSTS Misuse

Well, but HSTS on the DNS level is in my opinion a similar thing to what TLSA
is to HPKP, and I think TLSA is a lot better because you can manage it a lot
easier and quicker.

Also usually even on a provider. In many cases the owner has more control
over the DNS than the HTTP headers.

2016-05-23 12:06 GMT+02:00 Solarus Lumenor <solarus@ultrawaves.fr>:

> On 2016-05-23 10:49, Solarus Lumenor wrote:
>
>
> As long as HSTS in DNS is not standardized or implemented, the domain
> owner does not matter, it’s only a server problem.
>
> Sorry for this answer.
>
> Assuming that HSTS is activated in the DNS zone, the problem is slightly
> the same.
> If you activate HSTS in a zone that serves HTTP, then the connection will be
> blocked.
>
> There is no other solution than to educate users on best practices and good
> use cases.
>
> Human problems, human solutions. :)
> Solarus.
>
>

Received on Monday, 23 May 2016 10:29:13 UTC