https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #5 from Jens Borgland <jens.borgl...@gmail.com> --- I agree that the bootstrapping is a problem (and it's recognized in the RFC as well) but I still think that HSTS helps reduce the attack window quite drastically and therefore has significant benefits. Tomcat is also often used for more or less internal applications within organizations where a pre-loaded list (perhaps configured using a group policy) may very well be a viable solution. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
