[Ach] few suggestions: HSTS, code / config snippets

Aaron Zauner azet at azet.org
Sun Jan 12 19:17:45 CET 2014


Hi Martin,

Yes, please do so. HSTS is missing and quite important.

Thanks,
Aaron


On Sun, Jan 12, 2014 at 7:06 PM, Martin Rublik <martin.rublik at gmail.com> wrote:

> On 9. 1. 2014 12:13, Martin Rublik wrote:
> > 1. HSTS and HTTPS redirects
> > ---------------------------
> > I quickly skimmed through the document and saw no explanation of HSTS / HTTPS
> > redirects. I think it would be nice to add a short explanation of HSTS before
> > recommending it.
> >
> > Especially, it would be nice to point out that one should avoid HSTS for OCSP and
> > CRL distribution point URIs.
> >
> > I guess the topic of HSTS / HTTPS redirects would fit in the theory part along with
> > a little explanation of SSL/TLS, or at least as a note in the references of the
> > Webservers section. One could cite at least RFC 6797 (at least section 11,
> > https://tools.ietf.org/html/rfc6797#section-11 ) and OWASP
> > https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
> >
>
> OK, if there are no objections I'll try to prepare a few paragraphs on deploying
> HSTS; perhaps an introduction to SSL/TLS (in the theory section) would not
> harm as well.
>
> Martin
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
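An added example, not part of this thread or of the ACH document, illustrating the two points Martin raises: a Strict-Transport-Security header parser following RFC 6797 section 6.1, and a review pass over a constructed host inventory that flags a web host without HSTS and a CRL/OCSP distribution host that ends up under HSTS, either by sending the header itself or because a parent name sent includeSubDomains. The hostnames, the role labels and the header values are assumptions made for the example.

```python
def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1.
    Returns {'max_age': int, 'include_subdomains': bool}, or None when invalid
    (no max-age, or a repeated directive). Unknown directives are ignored."""
    seen, max_age, include_sub = set(), None, False
    for part in (p.strip() for p in value.split(";") if p.strip()):
        name, _, val = part.partition("=")
        name, val = name.strip().lower(), val.strip().strip('"')  # names are case-insensitive
        if name in seen:  # RFC 6797: a directive must not appear more than once
            return None
        seen.add(name)
        if name == "max-age":
            if not val.isdigit():
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else {"max_age": max_age, "include_subdomains": include_sub}

def is_subdomain(host, parent):
    return host != parent and host.endswith("." + parent)

def review_hosts(hosts):
    """hosts: (hostname, role, headers) with role 'web', 'crl' or 'ocsp'; returns (host, finding) pairs."""
    findings, policies = [], {}
    for host, role, headers in hosts:
        raw = headers.get("Strict-Transport-Security")
        policy = parse_hsts(raw) if raw is not None else None
        if policy:
            policies[host] = policy
        if role == "web" and policy is None:
            findings.append((host, "missing HSTS header" if raw is None else "invalid HSTS header"))
        elif role in ("crl", "ocsp") and raw is not None:
            findings.append((host, "HSTS set on %s distribution host" % role))
    # includeSubDomains on a parent name also pins HSTS-aware clients to HTTPS on the CRL/OCSP host.
    for host, role, _ in hosts:
        if role in ("crl", "ocsp"):
            for parent, pol in policies.items():
                if pol["include_subdomains"] and is_subdomain(host, parent):
                    findings.append((host, "covered by includeSubDomains of " + parent))
    return findings

# Constructed sample inventory; example.test is a reserved name, not a real site.
SAMPLE_HOSTS = [
    ("example.test", "web", {"Strict-Transport-Security": "max-age=15768000; includeSubDomains"}),
    ("shop.example.test", "web", {}),
    ("crl.example.test", "crl", {"Strict-Transport-Security": "max-age=31536000"}),
    ("ocsp.example.test", "ocsp", {}),
]
```

Running review_hosts(SAMPLE_HOSTS) yields four findings: the shop host lacks HSTS, the CRL host sends HSTS directly, and both the CRL and OCSP hosts are covered by the apex policy's includeSubDomains.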