On Nov 5, 2013, at 6:45 PM, Marco Davids (Prive)
<mdavids(_at_)forfun(_dot_)net> wrote:
On 11/5/13 6:39 PM, Joe Abley wrote:
On 2013-11-05, at 18:21, ned+ietf(_at_)mauve(_dot_)mrochek(_dot_)com wrote:
not every tool out there supports https.
That seems like the kind of thing we want to change (security as an
afterthought vs. security as a fundamental requirement).
Enabling 'HTTP Strict Transport Security' (HSTS, RFC6797) might be a
good first step.
HSTS means that HTTP is off (or just redirects you to HTTPS). The first S
stands for "strict" and we mean it. :-)