@sleevi_ @alexstamos @BRIAN_____ @_mwc Chrome could have a soft failure mode for weak https where the connections aren't marked as secure.
Replying to @CopperheadOS
@sleevi_ @alexstamos @BRIAN_____ @_mwc And it can be disabled when HSTS is enabled. So it won't hurt more than the fact that http can work.
Replying to @CopperheadOS
@sleevi_ @alexstamos @BRIAN_____ @_mwc It would also be a nice way of coping with CA misbehavior that's deemed as not warranting removal.
Replying to @CopperheadOS
@sleevi_ @alexstamos @BRIAN_____ @_mwc Instead, just stop marking those connections as secure and break the HSTS subset.
Replying to @CopperheadOS
@sleevi_ @alexstamos @BRIAN_____ @_mwc Anyone using HSTS should be capable of moving to a new certificate promptly, so it's not a big deal.
Replying to @CopperheadOS
@sleevi_ @alexstamos @BRIAN_____ @_mwc Chrome is essentially already doing this to an extent. It could be taken much further though.
Replying to @CopperheadOS
@CopperheadSec @sleevi_ @alexstamos @_mwc Firefox is already doing better than that as of today. See https://www.fxsitecompat.com/en-US/docs/2015/sha-1-based-certificates-with-validity-period-from-2016-will-not-be-validated/ ….
Replying to @BRIAN_____
@BRIAN_____ @CopperheadSec Chrome is doing the same. That said, Chrome is generally opposed to soft-UI as it's a feel-good anti-pattern
Replying to @sleevi_
@sleevi_ @CopperheadSec Re: "the same." Are you sure? It seems like Firefox is doing the right thing & Chrome is doing something useless.
Replying to @BRIAN_____
@BRIAN_____ Depends on useless. Discourages SHA-1 EE, doesn't prevent SHA-1 intermediates. FF looks like it only rejects new ints?
Brian Smith Retweeted Ryan Sleevi
@sleevi_ Indeed, I take back what I said. Sorry. FWIW, "useless" was based on your characterization at https://twitter.com/sleevi_/status/679460833450045441 ….