There is nothing blocking .dev domains responding over http. To be specific, a TLD can not block a protocol like that.
Amir Omidi (he/them) On Thu, Jan 11, 2024 at 22:13 Rob Sayre <[email protected]> wrote: > It sounds like that's a bug or at least a discrepancy. > > .dev domains should never respond over HTTP. The whole point is to avoid > that initial request. > > thanks, > Rob > > > On Thu, Jan 11, 2024 at 7:10 PM Aaron Gable <[email protected]> wrote: > >> This erratum changed "completed" to "initiated", so the document now >> correctly allows redirects from HTTP to HTTPS. If you believe that >> challenges should be able to be initiated over HTTPS as well, this erratum >> is not the right place for that discussion. >> >> But perhaps more importantly, ACME Servers do not have an HSTS Preload >> list. The idea of the preload list is an extension of HSTS implemented by >> certain browsers, but other user-agents are under no obligation to respect >> a preload list. >> >> Aaron >> >> On Thu, Jan 11, 2024 at 7:03 PM Rob Sayre <[email protected]> wrote: >> >>> Hi, >>> >>> Is this one valid? >>> >>> https://www.rfc-editor.org/errata/eid6843 >>> >>> > the challenge must be initiated over HTTP, not HTTPS. >>> >>> What if the host is on a .dev domain? That should be in the HSTS preload >>> list. >>> >>> thanks, >>> Rob >>> >>> _______________________________________________ >>> Acme mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/acme >>> >> _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
