HSTS Becomes Internet Standard, Ensuring Better Security for Sensitive Sites

The new technology ensures that encrypted connections are always used when required

HSTS, the HTTP Strict Transport Security, has become an internet standard as ratified by the Internet Engineering Task Force. What this means is that it's ready for implementation and that it's in a state that won't change for the foreseeable future.

HSTS, as the name suggests, is designed to ensure that secured, encrypted connections are always used for the sites that require them.

While plenty of sites offer a HTTPS option or are served via HTTPS by default, they're still accessible via the unsecured HTTP.

In most cases, sites would simply redirect users that visit them via a HTTP address, but a man in the middle attack can prevent that.

Users would continue to use the secure HTTP and may not even notice expecting to have been redirected to the secured version of the site.

In practice, browsers will keep a list of sites that use HSTS, i.e. that require HTTPS. Unencrypted HTTP connections to these sites will be blocked from the get go.

Hot right now  ·  Latest news