You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are some conflicts between the STS standard and the DANE specification.
The current STS draft states[1]:
from section 2.2:
2. The UA terminates, without user recourse, any secure transport
connection attempts upon any and all secure transport errors or
warnings, including those caused by a site presenting self-signed
certificates.
This means we cannot use dane certificate associations for self-signed certificates together with STS. We currently work around this problem by rewriting the URL to HTTPS, but we feel that this is an ugly solution.
There are some conflicts between the STS standard and the DANE specification.
The current STS draft states[1]:
from section 2.2:
2. The UA terminates, without user recourse, any secure transport
connection attempts upon any and all secure transport errors or
warnings, including those caused by a site presenting self-signed
certificates.
This means we cannot use dane certificate associations for self-signed certificates together with STS. We currently work around this problem by rewriting the URL to HTTPS, but we feel that this is an ugly solution.
Todo:
[1] http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-00
The text was updated successfully, but these errors were encountered: