aeris22’s Twitter Archive—№ 54,939

    1. …in reply to @troyhunt
      @troyhunt @lespacedunmatin HSTS, but also HPKP. And DNSSEC with TLSA.
  1. …in reply to @aeris22
    @troyhunt @lespacedunmatin With HSTS only, you have no protection. Anybody can ask for a valid HTTPS certificate with Let's Encrypt as soon as he controls the DNS.
    1. …in reply to @aeris22
      @troyhunt @lespacedunmatin You need DNSSEC too to protect against such a DNS hijack (with TLSA for cert protection). And HPKP to detect certificate change.