[HTTPS-Everywhere] Always redirect to https when TLSA records exist?
Matthias Wimmer
m at tthias.eu
Fri Sep 12 02:39:08 PDT 2014
Hi Paul,
El 2014-09-12 10:57:33, Paul Wise escribió:
> Would it be possible for https-everywhere to always redirect to https
> when TLSA DNS records exist?
As far as I know publishing a TLSA records only indicates what
certificate is used on a given service.
Especially it does not indicate, that every resource available on a
given HTTP URI is also available on the corresponding HTTPS URI.
E.g. a shop may use a TLSA record for the X.509 certificate of its
secure webserver, but may only use https addresses for the payment
processing. It may not allow browsing the web shop using https.
Regards,
Matthias
--
Matthias Wimmer
Contact details: http://matthias.wimmer.tel/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140912/7f2badef/attachment-0001.sig>
More information about the HTTPS-Everywhere
mailing list