URS Question #7 The Working Group recommends that public comment be sought from Registry Operators on the following questions: 7a. What issues have you encountered with respect to implementing the HSTS-preloaded domain suspension remedy, if any? 7b. What would need to be done to help resolve the issues you have encountered? |
HSTS preloading is a function built into the browser whereby a global list of hosts enforce the use of HTTPS ONLY on their site. This removes the opportunity an attacker has to intercept and tamper with redirects over HTTP.
Suspending the HSTS-preloaded domain name has been problematic. FORUM reported that the suspension of HSTS-preloaded domain name requires it to obtain SSL certificates. Despite the fact that there are free SSL certificates available, FORUM will incur additional expenses to monitor and renew the certificates manually. The process will be further complicated if the Registry does not communicate regarding the status of the suspension. FORUM has been working with ICANN org to resolve this issue.
To better understand the issue, the Working Group seeks public comment from Registry Operators, which carry out the URS obligation of suspending disputed domain names, including the HSTS-preloaded domain names.