I've been playing with HTTP Strict Transport Security (HSTS, I'm late to the party as usual) and there are some misconceptions that I had going in that I didn't know about that threw me a bit. So, here's a no-nonsense guide to HSTS.
Over the last few months I've been putting together my talk for the year, based on a blog post that is titled "HTTPS is Hard". You can read the full article on the Yell blog on which it is published. There's also an abridged version on Medium. It's been a very long time coming, and has changed over the time I've been writing it, so I thought I'd get down a few reflections on the article.
I was lucky enough to attend Edge Conf in London this year, a day that I always truly enjoy. The main sessions of the conference were streamed live and videos will be available later, but the break-outs weren't recorded. These were the sessions I enjoyed the most and it's a shame that people won't see them without being there - so here are my notes on what was said to the best of my ability (and with a big hat tip to George Crawford for his notes). Patrick Kettner was the moderator.