ietf
[Top] [All Lists]

Re: https at ietf.org

2013-11-05 22:39:48

On Nov 5, 2013, at 6:45 PM, Marco Davids (Prive) 
<mdavids(_at_)forfun(_dot_)net> wrote:

On 11/5/13 6:39 PM, Joe Abley wrote:
On 2013-11-05, at 18:21, ned+ietf(_at_)mauve(_dot_)mrochek(_dot_)com wrote:

not every tool out there supports https.
That seems like the kind of thing we want to change (security as an 
afterthought vs. security as a fundamental requirement).

Enabling 'HTTP Strict Transport Security' (HSTS, RFC6797) might be a
good first step.

HSTS means that HTTP is off (or just redirects you to HTTPS). The first S 
stands for "strict" and we mean it. :-)


<Prev in Thread] Current Thread [Next in Thread>