In the early days of WebSec there was such a goal. That is why HSTS begins with an “H”. It differentiates it with the DSTS that is based on DNS.
Nobody ever got around to writing a DSTS draft. HPKP does have a DNS equivalent - it’s DANE. Yoav > On Oct 29, 2014, at 8:55 PM, Anne van Kesteren <[email protected]> wrote: > > Is there some way we could add an annotation to DNS that makes it > clear a given domain for the purposes of HTTP is only available over > port 443 using TLS? DNS can be easily spoofed of course so you also > want HSTS, but perhaps it would be sufficient to be able to disable > port 80 entirely. > > > -- > https://annevankesteren.nl/ > > _______________________________________________ > websec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/websec _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
