6 Aug
2011
6 Aug
'11
11:40 a.m.
On Sat, 6 Aug 2011 04:30:09 -0400, Loui Chang wrote:
This is why the redirects are also a charade. If Bob requests http://aur.archlinux.org but is redirected to http://aur.archlinux.frank.org rather than https://aur.archlinux.org he is probably expecting http anyways and may not bat an eye.
HSTS tries to address this issue. At least regular users will be secured by using this. -- Pierre Schmitz, https://users.archlinux.de/~pierre