From ncuc at tapani.tarvainen.info Wed Jun 19 11:49:42 2019 From: ncuc at tapani.tarvainen.info (Tapani Tarvainen) Date: Wed, 19 Jun 2019 12:49:42 +0300 Subject: [NCUC E-team] HSTS Message-ID: <20190619094942.GA774@kusti.tarvainen.info> FYI, I just enabled HSTS on www.ncuc.org and lists.ncuc.org. They've been running with enforced https redirect long enough to be confident HSTS won't break anything. And this makes them get 100% from https://internet.nl website test. :-) Note, ncuc.org without www gets only 94% because it redirects http directly to https://www.ncuc.org. I may get around to fixing this at some point, but it's not really important (incidentally, icann.org has the same problem). Email tests get only 78% but forwarders and especially list servers really can't make 100% anyway (at least not without enforcing sender rewrite for all, which would probably break too many things at this point). -- Tapani Tarvainen From mike.oghia at gmail.com Wed Jun 19 12:06:21 2019 From: mike.oghia at gmail.com (Michael J. Oghia) Date: Wed, 19 Jun 2019 12:06:21 +0200 Subject: [NCUC E-team] HSTS In-Reply-To: <20190619094942.GA774@kusti.tarvainen.info> References: <20190619094942.GA774@kusti.tarvainen.info> Message-ID: Thanks for checking (and fixing) this Tapani! Best, -Michael On Wed, Jun 19, 2019 at 11:49 AM Tapani Tarvainen < ncuc at tapani.tarvainen.info> wrote: > FYI, I just enabled HSTS on www.ncuc.org and lists.ncuc.org. > > They've been running with enforced https redirect long enough to be > confident HSTS won't break anything. > > And this makes them get 100% from https://internet.nl website > test. :-) > > Note, ncuc.org without www gets only 94% because it redirects > http directly to https://www.ncuc.org. I may get around > to fixing this at some point, but it's not really important > (incidentally, icann.org has the same problem). > > Email tests get only 78% but forwarders and especially list servers > really can't make 100% anyway (at least not without enforcing sender > rewrite for all, which would probably break too many things at this > point). > > -- > Tapani Tarvainen > _______________________________________________ > E-team mailing list > E-team at lists.ncuc.org > https://lists.ncuc.org/cgi-bin/mailman/listinfo/e-team > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ncuc at tapani.tarvainen.info Wed Jun 19 14:25:13 2019 From: ncuc at tapani.tarvainen.info (Tapani Tarvainen) Date: Wed, 19 Jun 2019 15:25:13 +0300 Subject: [NCUC E-team] HSTS In-Reply-To: References: <20190619094942.GA774@kusti.tarvainen.info> Message-ID: <20190619122513.GA5200@kusti.tarvainen.info> Fixed the redirection too, now ncuc.org (without www.) also gets 100%. So ncuc.org is now better than icann.org. :-) On Jun 19 12:06, Michael J. Oghia (mike.oghia at gmail.com) wrote: > Thanks for checking (and fixing) this Tapani! > > Best, > -Michael > > > > On Wed, Jun 19, 2019 at 11:49 AM Tapani Tarvainen < > ncuc at tapani.tarvainen.info> wrote: > > > FYI, I just enabled HSTS on www.ncuc.org and lists.ncuc.org. > > > > They've been running with enforced https redirect long enough to be > > confident HSTS won't break anything. > > > > And this makes them get 100% from https://internet.nl website > > test. :-) > > > > Note, ncuc.org without www gets only 94% because it redirects > > http directly to https://www.ncuc.org. I may get around > > to fixing this at some point, but it's not really important > > (incidentally, icann.org has the same problem). > > > > Email tests get only 78% but forwarders and especially list servers > > really can't make 100% anyway (at least not without enforcing sender > > rewrite for all, which would probably break too many things at this > > point). > > > > -- > > Tapani Tarvainen > > _______________________________________________ > > E-team mailing list > > E-team at lists.ncuc.org > > https://lists.ncuc.org/cgi-bin/mailman/listinfo/e-team