On January 5, 2017 14:26 Pierre Schmitz wrote:
In general a great idea. Our Torrent tracker does not support https as it seems: http://tracker.archlinux.org:6969/stat I haven't looked into it yet though. Port 443 redirects to bbs which is strange...
I only tested port 443 on those servers. sslyze can test for STARTTLS on most services (smtp and others), but I focused on standard https. If the tracker is not replying on https, I'm confident we can make it do so. My intention with the RFC was/is mainly to see if we have any show stoppers that might prevent us from doing so.

And it is worth noting that HSTS preloading works mainly (only?) for browsers. Libraries and command line tools don't use it, as far as I know, nor would BitTorrent clients. Also, once included, removal is not very easy. So, if we do this, we must be sure we will not host anything not using TLS. One option, though, is to not include subdomains and only add archlinux.org and www to the preload list now, and add the entire domain after we are sure.

Cheers,
Giancarlo Razzolini