Re: Thoughts on HSTS
Date: Tue, 01 Sep 2020 09:43:09 +0200
On Monday, August 31, 2020 11:56:43 PM CEST Daniel Stenberg via curl-library
wrote:
> Hi!
>
> HTTP Strict Transport Security (HSTS) is (simply put) a way for an HTTPS
> server to say that the host name should not be accessed over HTTP, only
> HTTPS - for a set number of seconds into the future.
>
> I've started to work on an implementation for curl and while doing so, I've
> put down some ideas in the wiki on how to interface this from curl and
> libcurl. I'm interested in feedback:
>
> https://github.com/curl/curl/wiki/HSTS
The proposed interface looks reasonable to me.
One minor remark: Why is `--hsts .` going to be used to specify in-memory mode
when `--alt-svc ""` is already being used to specify in-memory mode elsewhere?
Kamil
> (In a completely unscientific poll on twitter, 60% of the 559 persons who
> answered said they'd like to see HSTS support added to curl:
> https://twitter.com/bagder/status/1299357395357925376)
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-09-01