Y
Hacker News
new
|
ask
|
show
|
jobs
by
kenniskrag
2126 days ago
With HSTS and preload it should mitigate the vulnerability.
1 comments
adrr
2126 days ago
Issues with HSTS is that it is opt in. It should be an opt out with a list of legacy sites that ships with the browsers similar to how hsts preloading works.
link
Polylactic_acid
2126 days ago
The option browser vendors are going with seems to be to make http show a full page warning about being insecure. No need to change HSTS now.
link