On Sat, 6 Aug 2011 04:30:09 -0400, Loui Chang wrote: > This is why the redirects are also a charade. > If Bob requests http://aur.archlinux.org but is redirected to > http://aur.archlinux.frank.org rather than https://aur.archlinux.org > he is probably expecting http anyways and may not bat an eye.
HSTS tries to address this issue. At least regular users will be secured by using this. -- Pierre Schmitz, https://users.archlinux.de/~pierre