Adding an IP address to the HSTS Preload list


Nick Harper

Apr 9, 2018, 4:20:49 PM
to hsts-d...@chromium.org
Hi,

I'm about to add an IP address to the HSTS preload list (https://chromium-review.googlesource.com/c/chromium/src/+/1003218). For those who are ingesting this list (e.g. other browser vendors), will the addition of an IP address cause issues?

-Nick

J.C. Jones

Apr 9, 2018, 6:31:53 PM
to Nick Harper, hsts-d...@chromium.org
Hi Nick,

I've confirmed that this won't impact Firefox's ingestion tools, we'll just ignore that entry since the policy is "custom." If the policy became one of those we ingest into Firefox (currently 'public-suffix-requested', 'public-suffix', and 'google'), Firefox would load and then ignore the entry as it's not a hostname.

That said, I'm a bit concerned: HSTS defines itself in RFC 6797 as working on domain names, not on IP addresses. Appendix A point 4 is explicit here. Violating the spec in the most authoritative STS preload list there is seems a bit ... weird.

I, too, would like to see the new DNS resolvers get STS treatment. Has there been discussion of this at the IETF?

Thanks,

J.C.
Mozilla, Crypto Engineering

--
You received this message because you are subscribed to the Google Groups "HSTS Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hsts-discuss+unsubscribe@chromium.org.
To post to this group, send email to hsts-d...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/hsts-discuss/CACdeXi%2BPqrT13%3DrTEQVkRKseHOmsBNzLdZT6V%3DZMbA%3DOTxCsWg%40mail.gmail.com.
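
The two filters J.C. describes above (ingest only certain policies, then drop entries that are not host names) as an added example; this is not code from the thread or from any browser's ingestion tooling. It assumes the preload list is JSON with an `entries` array whose items carry `name`, `policy`, `mode` and `include_subdomains` fields, preceded by `//` comment lines; the embedded list is a constructed sample, and the extra check that an entry has `mode` `force-https` before it counts as HSTS is my own addition.

```python
import ipaddress
import json

# Policies Firefox ingests, as listed in J.C. Jones's message in this thread.
INGESTED_POLICIES = {"public-suffix-requested", "public-suffix", "google"}

# Constructed sample in the assumed shape of the Chromium preload JSON. Only
# 1.1.1.1 and 1.0.0.1 come from the thread; the other names are invented.
SAMPLE_LIST = r'''
// Constructed sample, not the real preload list.
{
  "entries": [
    { "name": "example.com", "policy": "public-suffix-requested",
      "mode": "force-https", "include_subdomains": true },
    { "name": "1.1.1.1", "policy": "custom",
      "mode": "force-https", "include_subdomains": false },
    { "name": "1.0.0.1", "policy": "google",
      "mode": "force-https", "include_subdomains": false },
    { "name": "pinned.example", "policy": "custom",
      "mode": "force-https", "include_subdomains": true }
  ]
}
'''

def is_ip_literal(name):
    """RFC 6797 scopes HSTS to host names; an IPv4/IPv6 literal is not one."""
    try:
        ipaddress.ip_address(name.strip("[]"))
        return True
    except ValueError:
        return False

def load_preload_entries(text):
    """Drop the leading // comment lines (assumed format), then parse the JSON."""
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("//"))
    return json.loads(body)["entries"]

def ingest(entries, policies=INGESTED_POLICIES):
    """Return (accepted, skipped): accepted is a list of (host, include_subdomains),
    skipped maps each rejected name to the reason it was dropped."""
    accepted, skipped = [], {}
    for e in entries:
        name = e.get("name", "")
        if e.get("policy") not in policies:
            skipped[name] = "policy not ingested"      # e.g. the "custom" 1.1.1.1 entry
        elif is_ip_literal(name):
            skipped[name] = "not a hostname"           # loaded, then ignored
        elif e.get("mode") != "force-https":
            skipped[name] = "no HSTS mode"             # my assumption: pin-only entry
        else:
            accepted.append((name.lower(), bool(e.get("include_subdomains"))))
    return accepted, skipped
```

Run `ingest(load_preload_entries(SAMPLE_LIST))` to see 1.1.1.1 dropped on policy and 1.0.0.1 dropped as a non-hostname even under an ingested policy.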

Nick Harper

Apr 9, 2018, 8:09:01 PM
to J.C. Jones, hsts-d...@chromium.org
Hi J.C.,

I'm not aware of any discussion of this that has occurred at the IETF.

I agree that it seems a bit weird to preload an IP address given what RFC 6797 says. The rationale for including this IP address is that a DNS service is one of the very few cases where branding with an IP address is legitimate.

Gabriel Montenegro

Apr 9, 2018, 9:11:13 PM
to Nick Harper, J.C. Jones, hsts-d...@chromium.org
Hi,

I can also confirm we won’t break with the new 1.1.1.1 and 1.0.0.1 entries (and similar ones you might subsequently add).

As for supporting and ingesting those, that’s something we can think about, but we’re not there yet.

Thanks,

Gabriel
