by amluto
3602 days ago
What exactly is he proposing? Without some additional change, if I make a link to http://bank.com, any MITM can trivially force an unencrypted connection and somehow the user needs to notice (or be lucky enough to have HSTS know about bank.com). I can see an argument for having DANE-like records include an HSTS instruction, but nothing like that is mentioned in the article.