On Mon, Jul 14, 2014 at 7:09 AM, Guillem Jover wrote: > HSTS protects mostly from MITM (except for first connection), but I'm > not sure if DSA is planning to add it. HSTS is a standard part of HTTPS setup on machines run by DSA, so it is very likely they will. -- bye, pabs https://wiki.debian.org/PaulWise