|
|
|
|
|
|
by peterwwillis
5083 days ago
|
|
|
It's still one possible solution to the problem. If one's windows dns client were a DNSSEC-validating stub resolver[1], and you believe that in the future we will come to a point where network admins stop fucking with DNS traffic for no good reason, they could authenticate information from the website's dns on first-visit and avoid HSTS's pitfall. Note that I never said this was going to be practical :) [1] https://www.internetsociety.org/deploy360/resources/dnssec-t... |
|
|