aeris22’s Twitter Archive—№ 54,938

  1. …in reply to @troyhunt
    @troyhunt @lespacedunmatin HSTS, but also HPKP. And DNSSEC with TLSA.
    1. …in reply to @aeris22
      @troyhunt @lespacedunmatin With HSTS only, you have no protection. Anybody can ask for a valid HTTPS certificate with Let's Encrypt as soon as he controls the DNS.
      1. …in reply to @aeris22
        @troyhunt @lespacedunmatin You need DNSSEC too to protect against such a DNS hijack (with TLSA for cert protection). And HPKP to detect certificate change.