[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] [PATCH] Trivial changes in HSTS
From: |
Tim Ruehsen |
Subject: |
Re: [Bug-wget] [PATCH] Trivial changes in HSTS |
Date: |
Thu, 07 Apr 2016 12:52:10 +0200 |
User-agent: |
KMail/4.14.10 (Linux/4.4.0-1-amd64; KDE/4.14.14; x86_64; ; ) |
On Wednesday 06 April 2016 14:31:17 Juaristi Álamos, Ander wrote:
> Hi all,
>
> Here are some patches for HSTS.
>
> - 0001: checks the HSTS database file is not world-writable, and
> refuses to read it if it is, and disables HSTS. This was in my original
Doesn't it make sense to share the HSTS database globally ? It is basically
global data (domain specific) and not user specific.
Thinking forward, a central (trusted) database/daemon for HSTS entries would
be nice - sooner or later almost any domain supports HSTS. Each process
loading/saving a huge file would not be efficient.
Same goes for e.g. cert pinning (but not for cookies which are private data).
Regards, Tim
signature.asc
Description: This is a digitally signed message part.