Firefox to force secure connections for selected domains

Discussion in 'other security issues & news' started by ronjor, Nov 2, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    https://www.infoworld.com/d/security/firefox-force-secure-connections-selected-domains-206292
     
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    To make them handy to anyone interested...

    Mozilla blog entry on this
    https://blog.mozilla.org/security/2012/11/01/preloading-hsts/

    Implement support for preloaded strict-transport-security (HSTS) sites
    https://bugzilla.mozilla.org/show_bug.cgi?id=760307

    Provide mechanism for sites to register as HSTS-always
    https://bugzilla.mozilla.org/show_bug.cgi?id=643922

    I haven't read all that carefully yet, but as long as the browser admin can disable this and HSTS across the board or on a site by site basis, and easily MITM SSL connections even for HSTS sites, it seems like an OK feature. It does appear that some certificate issues are being worked out:

    https://bugzilla.mozilla.org/show_bug.cgi?id=800882

     
  3. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
  4. encus

    encus Registered Member

    Joined:
    Nov 2, 2009
    Posts:
    535
Loading...
Thread Status:
Not open for further replies.