It's good to see different groups working together to improve security. This week another browser manufacturer announced future support for an initiative relating to Transport Layer Security (TLS, the successor to SSL).
HTTP Strict Transport Security (HSTS) describes a method for a web site to tell client browsers that they should only interact with it over secure transport, i.e. TLS Whilst there have been browser plugins which support this draft specification, support for HSTS was announced for v4 of Google Chrome in January, and last week for v4 of Mozilla Firefox. Hopefully Microsoft Internet Explorer 9 and ,a href="http://www.opera.com/">Opera will also adopt this.
Why is it important? Some attacks mean that TLS is vulnerable if there are redirects from non-TLS (e.g. http://www.example.com) to TLS (https://www.example.com) content. And if part, or all, of your web site is only meant to be accessed over SSL, HSTS should be implemented now, ready for mainstream adoption.
Posted on: 31 August 2010 at 08:37 hrs