On Fri 2016-06-03 10:49:57 -0400, Christoph Egger wrote:
> William Hay writes:
>> On Thu, May 26, 2016 at 12:47:57AM +0200, Valentin Sundermann wrote:
>>> Hi,
>>>
>>> I enforce HTTPS on all my domains by sending the HSTS header to my
>>> visitors. HSTS forces the browser to use
On Fri, Jun 03, 2016 at 04:49:57PM +0200, Christoph Egger wrote:
> Well.
>
> http://pool.sks-keyservers.net(:11371)? --redirect-->
> https://keyserver.siccegge.de
>
> And if keyserver.siccegge.de presents a valid certificate + HSTS would be
> a problem, no? (and potentially undetected if the
William Hay writes:
> On Thu, May 26, 2016 at 12:47:57AM +0200, Valentin Sundermann wrote:
>> Hi,
>>
>> I enforce HTTPS on all my domains by sending the HSTS header to my
>> visitors. HSTS forces the browser to use in future only secure
>> connections to this domain. More info
On Thu, May 26, 2016 at 12:47:57AM +0200, Valentin Sundermann wrote:
> Hi,
>
> I enforce HTTPS on all my domains by sending the HSTS header to my
> visitors. HSTS forces the browser to use in future only secure
> connections to this domain. More info on Wikipedia[1] :)
> Since my keyserver could
Hi,

> I wrote up how I have nginx configured to do HSTS while being in the pool.

Yeah, of course this is possible. But I think the problem is that
there's no hint for keyserver operators that they should have a look at
their configs.
If just one keyserver sends an HSTS header for a pool domain
I wrote up how I have nginx configured to do HSTS while being in the pool.
https://daylightpirates.org/index.html?posts/2016-05-25_hsts-hkps.md
Daniel
On Wed, May 25, 2016 at 3:47 PM, Valentin Sundermann wrote:
> Hi,
>
> I enforce HTTPS on all my domains by sending the HSTS
Hi,
I enforce HTTPS on all my domains by sending the HSTS header to my
visitors. HSTS forces the browser to use in future only secure
connections to this domain. More info on Wikipedia[1] :)
Since my keyserver could be added to pools of keyservers without any
notice to me, it could be possible