Opened 4 years ago

Closed 15 months ago

#1414 closed enhancement (wontfix)

Get on preloaded HSTS lists

Reported by: killyourtv Owned by:
Priority: minor Milestone:
Component: www/i2p Version: 0.9.16
Keywords: Cc:
Parent Tickets:

Description

Perhaps we should try to get our domains (geti2p.net, *.i2p2.de) addded to main web browser's preloaded HSTS lists.

https://hstspreload.appspot.com/
https://blog.mozilla.org/security/2012/11/01/preloading-hsts/

A quick spot-check:

http://trac.i2p2.de 301 redirects to https://trac.i2p2.de and has an HSTS header
http://i2p2.de 301 redirects to http://geti2p.net (should redirect straight to https)
http://geti2p.net 301 redirects to https://geti2p.net and has an HSTS header

http://syndie.de isn't available via https
https://syndie-project.org has a self-signed certificate

Subtickets

Change History (2)

comment:1 Changed 3 years ago by str4d

  • Status changed from new to open

comment:2 Changed 15 months ago by echelon

  • Resolution set to wontfix
  • Status changed from open to closed
Note: See TracTickets for help on using tickets.