From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-135639-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1S26KB-0004ty-Sh
	for garchives@archives.gentoo.org; Mon, 27 Feb 2012 19:33:32 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id C1B0BE077E;
	Mon, 27 Feb 2012 19:33:16 +0000 (UTC)
Received: from mail2.viabit.com (mail2.viabit.com [65.246.80.16])
	by pigeon.gentoo.org (Postfix) with ESMTP id C13C4E077E
	for <gentoo-user@lists.gentoo.org>; Mon, 27 Feb 2012 19:32:11 +0000 (UTC)
Received: from [10.1.1.204] (unknown [65.213.236.244])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail2.viabit.com (Postfix) with ESMTPSA id 59F0238381
	for <gentoo-user@lists.gentoo.org>; Mon, 27 Feb 2012 14:32:11 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=orlitzky.com; s=mail2;
	t=1330371131; bh=Lsyn6fvWou2W5pxHcBfwB348yxwjEeCeuAneGUZgbfQ=;
	h=Message-ID:Date:From:MIME-Version:To:Subject:References:
	 In-Reply-To:Content-Type:Content-Transfer-Encoding;
	b=dEM7BZH4U8yTK2TYxGq6gFcRtjsaoeFhriUUs4tXs9TYqFpgwgVL55awOekgr3oba
	 nr9oM+RmOE4XEv40GfAaAkFjotyLKuLJzxwtgTsty3+WC7TMIqUrHuK4FaMXy5SUfp
	 pMNSDwCyE0IUiLS06ixB2icwUl3nLxjofznAkKe0=
Message-ID: <4F4BDA3B.6020809@orlitzky.com>
Date: Mon, 27 Feb 2012 14:32:11 -0500
From: Michael Orlitzky <michael@orlitzky.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20120116 Thunderbird/9.0
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] This Connection is Untrusted: WAS: Firefox-10.0.1
 fails to compile on x86
References: <CAK2H+edQXfuoy8YhgyWMWyxdSYRHtCSzcNwZnXwbDYmVAejueQ@mail.gmail.com> <CAEH5T2MaNW77oG1yVALW5ngzZZBNbySaFsfoAu821iczEqmW-w@mail.gmail.com> <CAK2H+edV-43wBN8qo9dwnfy-7Omx4s+_00LOUjAwVRee1KmnbA@mail.gmail.com> <CAC=wYCGUKraypKaGKEqRJyeNUR3diXTeU9QL0qCp12QU0eJBbg@mail.gmail.com> <4F47401F.5090600@binarywings.net> <4F47BE2A.6050202@orlitzky.com> <CAEH5T2MDUjjzem5g_D+1n9wCSdfE_15ZR4iGSErKLqM1n_qOdQ@mail.gmail.com> <4F4BCEB5.7010006@binarywings.net>
In-Reply-To: <4F4BCEB5.7010006@binarywings.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: dd1b8961-7f6e-4e98-82ce-2025cda26663
X-Archives-Hash: 5779849e1b920da0e1b3cf033d761274

On 02/27/12 13:43, Florian Philipp wrote:
> 
> Just a small follow-up: A neat server-sided trick I didn't know until
> now is HTTP Strict Transport Security [1]. It prevents users from
> clicking away SSL warnings and prevents mixed content.
> 
> [1] http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> 
> Regards,
> Florian Philipp

This is nice, although, as with all nice things, it doesn't work in
Internet Explorer.

We try to hack together the same effect using Apache's mod_rewrite and
redirects, but it's hard to get right. Most off-the-shelf web apps (e.g.
Wordpress) do their best to thwart you.