|
|
|
|
|
|
by cnst
4148 days ago
|
|
|
What do you mean it's not true without HSTS? Do modern browsers now automatically switch to the http:// address scheme if https:// is no longer available? Because otherwise, unless you don't care about incoming links, bookmarks etc, there is indeed absolutely no going back, with or without HSTS. That's the problem, only solvable with opportunistic encryption. And if you have dozens of domains and subdomains, what would you do in 2 years if this only CA is then kaput? The value of their offering is definitely above 100 USD, it would appear. |
|
|
Browsers do not, humans do.