I can’t do a detailed post right now, pointing to announcement message and the spec itself will have to do. This is what I’ve been working on since joining PayPal…
fyi: Strict Transport Security specification
http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/1148.html
draft-hodges-strict-transport-sec-05.plain.html
http://lists.w3.org/Archives/Public/www-archive/2009Sep/0051.html
This specification embodies and refines the approach proposed in..
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks
https://crypto.stanford.edu/forcehttps/forcehttps.pdf
=JeffH sez check it out!
Average Rating: 4.4 out of 5 based on 262 user reviews.