Strict Transport Security (STS) draft specification is public

My coworker Jeff Hodges has announced the formal draft specification for Strict Transport Security (STS). STS is a proposed protocol that lets a website instruct returning visitors' browsers never to load the site over plain HTTP, only over HTTPS. It is entirely opt-in: the site asserts the policy in a response header, the browser honours that header only when it arrived over HTTPS, and it remembers the policy for a site-specified lifetime. This blocks the man-in-the-middle cases where an attacker sniffs or injects content into an HTTP stream, because the browser rewrites http:// requests to such a site to https:// before anything is sent; the draft also requires the browser to treat certificate errors for such a site as fatal rather than offering a click-through.
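As an added illustration (not code from the draft, the announcement, or Jeff's implementation), here is a small Python model of the user-agent side of STS: a policy store that accepts the header only over TLS, expires entries after max-age, and upgrades plain-http URLs for known hosts. The header name and directives (`Strict-Transport-Security: max-age=N; includeSubDomains`) are assumed from the protocol as later standardized in RFC 6797, since the post itself does not quote the header syntax; host names are constructed for the example.

```python
"""Simplified model of a browser's Strict Transport Security (STS) policy store.

Constructed example. Header name and directive syntax are assumed from the
protocol as standardized in RFC 6797, not taken from the draft announcement.
"""
import time
from urllib.parse import urlsplit, urlunsplit

HEADER = "Strict-Transport-Security"


def parse_sts_header(value):
    """Parse 'max-age=N[; includeSubDomains]'.

    Returns (max_age_seconds, include_subdomains), or None when the header is
    malformed (no usable max-age). Unknown directives are ignored.
    """
    max_age = None
    include_subdomains = False
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age":
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
    if max_age is None:
        return None
    return max_age, include_subdomains


class StsStore:
    """Per-host STS policy cache keyed by lowercase host name."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._policies = {}  # host -> (expires_at, include_subdomains)

    def note_response(self, host, headers, over_tls):
        """Record the STS header from a response.

        The header is honoured only when the response came over a secure,
        certificate-validated connection; over plain HTTP it is ignored, so an
        on-path attacker cannot plant or clear a policy. Returns True if the
        store changed.
        """
        value = headers.get(HEADER)
        if not over_tls or value is None:
            return False
        parsed = parse_sts_header(value)
        if parsed is None:
            return False
        max_age, include_subdomains = parsed
        host = host.lower()
        if max_age == 0:
            # max-age=0 tells the UA to forget the policy for this host.
            self._policies.pop(host, None)
            return True
        self._policies[host] = (self._clock() + max_age, include_subdomains)
        return True

    def is_known_sts_host(self, host):
        """True if host, or a parent domain whose policy has includeSubDomains,
        holds an unexpired policy. Expired entries are dropped on lookup."""
        now = self._clock()
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])  # label-wise, so 'notexample.com' never matches 'example.com'
            policy = self._policies.get(candidate)
            if policy is None:
                continue
            expires_at, include_subdomains = policy
            if expires_at <= now:
                del self._policies[candidate]
                continue
            if i == 0 or include_subdomains:
                return True
        return False

    def rewrite_url(self, url):
        """Upgrade an http:// URL to https:// when the host is a known STS host.

        Other URLs are returned unchanged. An explicit port 80 becomes the
        default 443; any other explicit port is preserved.
        """
        parts = urlsplit(url)
        if parts.scheme != "http" or parts.hostname is None:
            return url
        if not self.is_known_sts_host(parts.hostname):
            return url
        netloc = parts.hostname
        if parts.port not in (None, 80):
            netloc += f":{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

The two properties worth noting are that `note_response` refuses the header unless `over_tls` is true, and that the suffix match in `is_known_sts_host` walks DNS labels rather than doing a string `endswith`, so a policy for `example.com` cannot be made to cover `notexample.com`.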

If you're into bleeding-edge application security research or work, this is worth checking out.

STS Specification: http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html
Announcement: http://www.webappsec.org/lists/websecurity/archive/2009-09/msg00060.html

