W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2017

Re: [websec] Notes from an HSTS Meetup (Sep. 2016)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 20 Jan 2017 19:52:19 +0100
Message-ID: <CADnb78gJCQnyDan4+NFYmOa=p9i5=STw==awSXanv_-6pr3NqA@mail.gmail.com>
To: Eric Mill <eric.mill@gsa.gov>
Cc: Lucas Garron <lgarron@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, websec <websec@ietf.org>
On Fri, Jan 20, 2017 at 7:38 PM, Eric Mill <eric.mill@gsa.gov> wrote:
> It's a novel approach, and potentially could serve as a model for other TLDs
> or suffixes -- so if folks have any feedback or suggestions about this
> effort, it'd be welcome and timely.

Is the reverse not possible? Where everything .gov is HSTS, unless
it's on an HTTP-safelist? Or would that list still be way longer?

Received on Friday, 20 January 2017 18:52:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:59 UTC