FYI: HSTS preload enforcing continued requirements


Joe DeBlasio

Apr 25, 2023, 12:44:24 PM
to blink-dev
Hi folks,

This is a heads-up that the HSTS preload list (https://hstspreload.org) has started enforcing its requirements that domains maintain their preload eligibility after enrollment.

While these requirements have always been present, we haven't previously enforced them. However, the HSTS preload list has grown to more than 1MB in binary size (and more than 20MB in source). Enforcing existing requirements resulted in an immediate reduction in size by almost half.

Removing HSTS preloading will not cause breakage, though impacted sites will lose protections against downgrade attacks. Impacted sites can regain protections by following instructions at https://hstspreload.org to re-add their sites to the preload list.

Comments, either on-list or directly to me, are most welcome,
Joe