On Wednesday 06 April 2016 14:31:17 Juaristi Álamos, Ander wrote:
Hi all,
Here are some patches for HSTS.
- 0001: checks the HSTS database file is not world-writable, and
refuses to read it if it is, and disables HSTS. This was in my original
Doesn't it make sense to share the HSTS database globally ? It is basically
global data (domain specific) and not user specific.
Thinking forward, a central (trusted) database/daemon for HSTS entries would
be nice - sooner or later almost any domain supports HSTS. Each process
loading/saving a huge file would not be efficient.
Same goes for e.g. cert pinning (but not for cookies which are private data).
Regards, Tim