|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
X-Original-To: nanog@nanog.org In-Reply-To: <CAGFn2k3MftTV4T3edjygRjut60CBErp6YyiB8_eE7mX6fFtrZQ@mail.gmail.com> From: Yang Yu <yang.yu.list@gmail.com> Date: Sat, 27 Feb 2016 19:24:08 -0600 To: Rubens Kuhl <rubensk@gmail.com> Cc: Nanog <nanog@nanog.org> Errors-To: nanog-bounces@nanog.org On Sat, Feb 27, 2016 at 5:40 PM, Rubens Kuhl <rubensk@gmail.com> wrote: > Since many commonly used web properties are moving to HSTS + HPKP + CT it > will become increasingly difficult to balance performance and security in > high latency connections, but when it comes to a payment gateway, that > airline should probably turn off acceleration for paypal.com and 3-D Secure > bank pages. Paypal's certificate is not pinned in Chrome/Firefox. imo a hard error is desirable in this kind of scenario. https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json?view=markup https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#New_sites_pinned_in_Firefox_32 FWIW Southwest uses Row 44 (GEE Media) for inflight wifi. http://www.geemedia.com/products/connectivity
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |