
Rather than maintaining a list of HSTS websites which isn't cross-browser, why is there not an optional HSTS flag attached to the DNS response? I don't know anything about DNS requests, so changing the protocol in a backwards compatible way might be impossible, but that seems like a much better way to maintain that information than with a separate list.



That would need to be combined with DNSSEC to be useful for security, but with that caveat, that sounds like a good idea.



