[webkit-dev] HSTS user tracking

Brent Fulgham bfulgham at apple.com
Thu Mar 1 12:50:46 PST 2018


Sure — I’ll ask Jon to get it scheduled to post.

> On Mar 1, 2018, at 11:50 AM, Maciej Stachowiak <mjs at apple.com> wrote:
> 
> 
> 
>> On Mar 1, 2018, at 10:44 AM, Michael Catanzaro <mcatanzaro at igalia.com> wrote:
>> 
>> On Fri, Jan 5, 2018 at 3:11 PM, Brent Fulgham <bfulgham at apple.com> wrote:
>>> I´m sorry we haven´t been forthcoming with details. We have wanted to put together a blog post explaining our fix, but have been preoccupied with a number of other security issues.
>>> I will make this my top priority, or at least give a rough overview to the webkit-security folks if we can´t put together a blog-worthy document fast enough.
>>> Thanks,
>>> -Brent
>> 
>> Hi,
>> 
>> It'd still be great to get some details about your strategy for mitigating user tracking via HSTS.
>> 
>> It should be suitable for webkit-dev, rather than the private security list, right?
> 
> I think we should still publish the blog post, if it's at all close to ready. Brent?
> 
> - Maciej
> 



More information about the webkit-dev mailing list