Re: Proposal: Marking HTTP As Non-Secure

On Mon, Dec 29, 2014 at 11:09 PM, Ryan Sleevi <rsleevi@chromium.org> wrote:

> On Mon, Dec 29, 2014 at 8:01 PM, Jim Manico <jim.manico@owasp.org> wrote:
> >
> > https://hstspreload.appspot.com/
> >
> > I don't think preloaded HSTS is part of the HSTS standard. How could we
> > raise adoption?
> >
>
> It doesn't need to be.


As for raising adoption, people just need to talk about it. I'm not sure
why more entities that have preloaded their domains aren't putting up blog
posts or press releases about it. "We're so secure that we're hardcoded
into browsers" seems like an all-upside PR move. I know I'm working on
taking advantage of that in my own work.

Received on Tuesday, 30 December 2014 22:32:14 UTC