[webkit-dev] HSTS user tracking

Michael Catanzaro mcatanzaro at igalia.com
Thu Mar 1 10:44:32 PST 2018


On Fri, Jan 5, 2018 at 3:11 PM, Brent Fulgham <bfulgham at apple.com> 
wrote:
> I’m sorry we haven’t been forthcoming with details. We have 
> wanted to put together a blog post explaining our fix, but have been 
> preoccupied with a number of other security issues.
> 
> I will make this my top priority, or at least give a rough overview 
> to the webkit-security folks if we can’t put together a blog-worthy 
> document fast enough.
> 
> Thanks,
> 
> -Brent

Hi,

It'd still be great to get some details about your strategy for 
mitigating user tracking via HSTS.

It should be suitable for webkit-dev, rather than the private security 
list, right?

Michael



More information about the webkit-dev mailing list