by Thorrez
1002 days ago
That's not HSTS, that's TOFU. HSTS is about remembering to do an http:// -> https:// redirect. It's not about remembering a cert. The downside of TOFU in browsers is that it trains users to always click through cert warnings. Train them to do it once, and they'll click through it again when there's a real attack. The warning is the same on the first time visiting the site and on a later time visiting it if the cert has changed. The TOFU UX in SSH is better, because it displays a different warning for when SSHing to a site for the first time vs SSHing to a site again and the cert has changed. https://en.wikipedia.org/wiki/Trust_on_first_use
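An added example illustrating the distinction drawn in the comment above. It is not code from the commenter, a browser, or OpenSSH; the host names, key bytes and header values are constructed sample data. The TOFU store keeps a fingerprint per host and returns three distinct verdicts (first use, match, changed), which is what lets SSH show a different warning for "never seen" vs "changed". The HSTS store parses a Strict-Transport-Security header and remembers only that a host must be fetched over https and until when; it holds no certificate at all, so a changed cert can never trigger a warning from it.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from enum import Enum


class TofuVerdict(Enum):
    """The three outcomes an SSH-style TOFU check can produce."""
    FIRST_USE = "no record for host; ask the user to accept the fingerprint"
    MATCH = "fingerprint matches the stored record"
    MISMATCH = "fingerprint CHANGED since first use; possible MITM, do not auto-continue"


def fingerprint(key_der: bytes) -> str:
    """SHA-256 fingerprint of a public key or certificate (same idea as OpenSSH's display)."""
    return "SHA256:" + hashlib.sha256(key_der).hexdigest()


@dataclass
class TofuStore:
    """known_hosts-style store: remembers the key seen on first contact with a host."""
    known: dict[str, str] = field(default_factory=dict)

    def check(self, host: str, key_der: bytes) -> TofuVerdict:
        stored = self.known.get(host)
        if stored is None:
            return TofuVerdict.FIRST_USE
        return TofuVerdict.MATCH if stored == fingerprint(key_der) else TofuVerdict.MISMATCH

    def accept(self, host: str, key_der: bytes) -> None:
        """Record the key; only called after the user accepted a FIRST_USE prompt."""
        self.known[host] = fingerprint(key_der)


@dataclass
class HstsStore:
    """HSTS store: remembers only 'fetch this host over https' plus an expiry.
    No key or certificate is stored, so a cert change is invisible to it."""
    expiry: dict[str, float] = field(default_factory=dict)

    def observe_header(self, host: str, header: str, now: float) -> None:
        """Parse a Strict-Transport-Security header value (RFC 6797 directive syntax).
        Only max-age is acted on; includeSubDomains/preload are accepted but ignored here."""
        max_age = None
        for directive in header.split(";"):
            name, _, value = directive.strip().partition("=")
            if name.lower() == "max-age":
                max_age = int(value.strip().strip('"'))
        if max_age is None:
            return  # max-age is mandatory; a header without it is ignored
        if max_age == 0:
            self.expiry.pop(host, None)  # max-age=0 tells the client to forget the host
        else:
            self.expiry[host] = now + max_age

    def upgrade(self, url: str, now: float) -> str:
        """Rewrite http:// to https:// when the host has an unexpired HSTS entry."""
        scheme, _, rest = url.partition("://")
        host = rest.split("/", 1)[0].split(":")[0].lower()
        if scheme == "http" and self.expiry.get(host, 0.0) > now:
            return "https://" + rest
        return url


def demo() -> tuple[TofuVerdict, TofuVerdict, TofuVerdict, str, str]:
    """Walk both stores through the scenarios the comment describes."""
    key_a = b"-----constructed key A-----"  # constructed sample key material
    key_b = b"-----constructed key B-----"

    tofu = TofuStore()
    first = tofu.check("host.example", key_a)    # FIRST_USE: distinct prompt
    tofu.accept("host.example", key_a)
    same = tofu.check("host.example", key_a)     # MATCH: silent
    changed = tofu.check("host.example", key_b)  # MISMATCH: distinct, louder warning

    hsts = HstsStore()
    t0 = 1_700_000_000.0  # fixed clock so the run is deterministic
    hsts.observe_header("site.example", "max-age=31536000; includeSubDomains", t0)
    upgraded = hsts.upgrade("http://site.example/login", t0 + 60)   # https://...
    hsts.observe_header("site.example", "max-age=0", t0 + 60)       # server clears HSTS
    cleared = hsts.upgrade("http://site.example/login", t0 + 120)   # unchanged http://
    return first, same, changed, upgraded, cleared


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The point of the side-by-side is structural: `TofuStore.check` can only say something useful about a changed cert because it stored one, while `HstsStore` never has a cert to compare against, so "HSTS remembers the cert" is a category error, as the comment says.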