Hacker News

I think it's only a handful of certificates that are pinned (they call it "HSTS preloading" here: http://www.imperialviolet.org/2011/05/04/pinning.html). While this does include gmail and some other Google properties, it doesn't seem to include any other major webmail services.

Check out http://src.chromium.org/viewvc/chrome/trunk/src/net/base/tra... for the list of what's in there (linked to indirectly from http://dev.chromium.org/sts).



Ah dang, for some reason I thought that hotmail and y!mail were in there too. It looks like there's a commitment (which CAs you'll allow to sign your cert) that's needed from the site owner for HSTS to work. I hope they get in there one way or another soon.



