- Original Message -
> There is a non-standard preload token that Google requires to get onto
> Chrome's HSTS preload list[0] which is also used by Firefox. Any chance
> of supporting this? Or is its omission a conscious decision?
>
>
> [0] https://hstspreload.appspot.com/
>
>
FWIW, fr
On Sat, 18 Jul 2015 02:53:01 +0200
Reyk Floeter wrote:
> HSTS is a good thing and widely pushed, eg. by Google, in an effort to
> enforce HTTPS over HTTP. It is a useful security option
I agree HSTS is useful but disagree with the rhetoric personally. It
improves security for average website de
On Fri, Jul 17, 2015 at 08:51:54PM -0400, Ted Unangst wrote:
> Reyk Floeter wrote:
> > On Fri, Jul 17, 2015 at 08:20:11PM -0400, Ted Unangst wrote:
> > > Florian Obser wrote:
> > > > OK?
> > > >
> > > > diff --git httpd.conf.5 httpd.conf.5
> > > > index b3eaad8..bfca29f 100644
> > > > --- httpd.co
On 2015/07/17 20:51, Ted Unangst wrote:
> Reyk Floeter wrote:
> > On Fri, Jul 17, 2015 at 08:20:11PM -0400, Ted Unangst wrote:
> > > Florian Obser wrote:
> > > > OK?
> > > >
> > > > diff --git httpd.conf.5 httpd.conf.5
> > > > index b3eaad8..bfca29f 100644
> > > > --- httpd.conf.5
> > > > +++ http
Reyk Floeter wrote:
> On Fri, Jul 17, 2015 at 08:20:11PM -0400, Ted Unangst wrote:
> > Florian Obser wrote:
> > > OK?
> > >
> > > diff --git httpd.conf.5 httpd.conf.5
> > > index b3eaad8..bfca29f 100644
> > > --- httpd.conf.5
> > > +++ httpd.conf.5
> > > @@ -262,6 +262,18 @@ root directory of
> >
On Sat, 18 Jul 2015, at 12:14 PM, Florian Obser wrote:
> OK?
>
> diff --git httpd.conf.5 httpd.conf.5
> index b3eaad8..bfca29f 100644
> --- httpd.conf.5
> +++ httpd.conf.5
> @@ -262,6 +262,18 @@ root directory of
> .Xr httpd 8
> and defaults to
> .Pa /run/slowcgi.sock .
> +.It Ic hsts Oo Ar opt
On Fri, Jul 17, 2015 at 08:20:11PM -0400, Ted Unangst wrote:
> Florian Obser wrote:
> > OK?
> >
> > diff --git httpd.conf.5 httpd.conf.5
> > index b3eaad8..bfca29f 100644
> > --- httpd.conf.5
> > +++ httpd.conf.5
> > @@ -262,6 +262,18 @@ root directory of
> > .Xr httpd 8
> > and defaults to
> >
On Sat, Jul 18, 2015 at 12:14:37AM +, Florian Obser wrote:
> OK?
>
As discussed, I like the implementation this way.
Comments below.
Reyk
> diff --git httpd.conf.5 httpd.conf.5
> index b3eaad8..bfca29f 100644
> --- httpd.conf.5
> +++ httpd.conf.5
> @@ -262,6 +262,18 @@ root directory of
>
Florian Obser wrote:
> OK?
>
> diff --git httpd.conf.5 httpd.conf.5
> index b3eaad8..bfca29f 100644
> --- httpd.conf.5
> +++ httpd.conf.5
> @@ -262,6 +262,18 @@ root directory of
> .Xr httpd 8
> and defaults to
> .Pa /run/slowcgi.sock .
> +.It Ic hsts Oo Ar option Oc
> +Enable HTTP Strict Trans
