Hi, Jeff Hodges and Andy Steingruebl here..
The HTTP Strict Transport Security (HSTS) spec is now an IETF Internet-Draft, and available here (for now): http://tools.ietf.org/html/draft-hodges-strict-transport-sec
Also, we held a successful BoF at IETF-78 Maastricht last month, named "HASMAT" (for "HTTP Application Security Minus Authentication & Transport"), the result being that a new IETF Working Group will be formed (which may be named HASMAT or something else), into which the HSTS spec will land. Once that happens, the spec will likely become a working group item, and thus the filename and URI for that new version will change (just fyi). We'll post about that when it occurs.
In terms of Firefox support, the HSTS implementation has landed in the nightlies (thanks Sid!) and will be included in the next Firefox 4.0 beta. Note that HSTS is already a feature in Google Chrome as of version 4.
Enjoy!
Mozilla Security Blog: HTTP Strict Transport Security
Comments
You can follow this conversation by subscribing to the comment feed for this post.