[Ach] few suggestions: HSTS, code / config snippets
azet at azet.org
Sun Jan 12 19:17:45 CET 2014
Yes please do so. HSTS is missing and quite important.
On Sun, Jan 12, 2014 at 7:06 PM, Martin Rublik <martin.rublik at gmail.com> wrote:
> On 9. 1. 2014 12:13, Martin Rublik wrote:
> > 1. HSTS and HTTPS redirects
> > ---------------------------
> > I quickly skimmed through the document and saw no explanation of HSTS /
> > redirects. I think it would be nice to add a short explanation of HSTS
> > recommending.
> > Especially it would be nice to point out that one should avoid HSTS for OCSP and
> > CRL distribution point URIs.
> > I guess the topic on HSTS / HTTPS redirects would fit in theory part along with
> > a little explanation of SSL/TLS, or at least as a note in references in
> > Webservers section. One could cite at least RFC 6797 (at least section 11
> > https://tools.ietf.org/html/rfc6797#section-11 ) and OWASP
> > https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
> OK, if there are no objections I'll try to prepare a few paragraphs on
> HSTS, perhaps an introduction to SSL/TLS (in theory section) would not
> harm as well.