bug#47823: Hardenize Guix website TLS/DNS
From: Dr. Arne Babenhauserheide
Subject: bug#47823: Hardenize Guix website TLS/DNS
Date: Fri, 16 Apr 2021 23:36:15 +0200
User-agent: mu4e 1.4.15; emacs 27.2

Leo Famulari <leo@famulari.name> writes:

>> - Force redirection of insecure connection with plain text to TLS
>> - HSTS/HSTS-preload support missing (important)
>
> Yes, we should enable these.

Be careful with HSTS, it can make the site inaccessible if you lose
access to a certificate and have to replace it. And yes, that can happen
easily, and you then won’t have a way to inform visitors why they cannot
access the site. If you enable it, make absolutely sure that the max-age
is short enough.

Best wishes,
Arne
--
Being apolitical
means being political
without noticing it
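
The max-age concern raised in the message above can be checked before a header goes live. The following is an added example, not part of the original thread or of the Guix project's configuration: it parses a `Strict-Transport-Security` value following RFC 6797 and flags policies that browsers would remember longer than a chosen rollout ceiling. The function names, the one-day `ROLLOUT_MAX_AGE` and the sample headers are assumptions made for illustration.

```python
import re

# Assumed ceiling for an initial rollout (one day); not a value from the thread.
ROLLOUT_MAX_AGE = 86400

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # directive values may be quoted strings
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        raise ValueError("max-age missing or not a non-negative integer")
    return {
        "max_age": int(directives["max-age"]),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def audit_hsts(value, ceiling=ROLLOUT_MAX_AGE):
    """Return (policy, findings) for a header about to be deployed."""
    policy = parse_hsts(value)
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells browsers to forget the policy")
    elif policy["max_age"] > ceiling:
        findings.append(
            f"max-age {policy['max_age']}s exceeds rollout ceiling {ceiling}s")
    if policy["include_subdomains"]:
        findings.append("includeSubDomains: every subdomain must serve valid HTTPS")
    if policy["preload"]:
        findings.append("preload: the policy outlives max-age once browsers ship it")
    return policy, findings

if __name__ == "__main__":
    # Constructed sample headers, not captured from any real site.
    for header in ("max-age=300", 'max-age="63072000"; includeSubDomains; preload'):
        policy, findings = audit_hsts(header)
        print(header, "->", policy["max_age"], findings or "ok for rollout")
```
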