{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:5Q2ECPCIJZ7PNXJFAQ72YYOVS7","short_pith_number":"pith:5Q2ECPCI","schema_version":"1.0","canonical_sha256":"ec34413c484e7ef6dd25043fac61d597e529f2ba2e1481e3a15e91ffa68193d0","source":{"kind":"arxiv","id":"2605.04642","version":1},"attestation_state":"computed","paper":{"title":"Securing the Web with HSTS-Enforced","license":"http://creativecommons.org/licenses/by/4.0/","headline":"HSTS-Enforced defaults all web connections to HTTPS and requires explicit indicators for any site that must use HTTP.","cross_cats":["cs.NI"],"primary_cat":"cs.CR","authors_text":"Aaron van Diepen, Adrian Zapletal, Fernando Kuipers","submitted_at":"2026-05-06T08:33:12Z","abstract_excerpt":"TLS stripping attacks expose sensitive web traffic by forcing secure HTTPS connections to fall back to unencrypted HTTP. At present, protection against these attacks relies on website operators explicitly opting into security by deploying mechanisms such as HTTP Strict Transport Security (HSTS) headers. These mechanisms have significant limitations: some are weak or difficult to configure, which raises the risk of misconfiguration and reduces practical adoption; others violate HTTP backward compatibility; at least one can even be abused to enable unintended user tracking.\n  We introduce HSTS-E"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":true,"formal_links_present":false},"canonical_record":{"source":{"id":"2605.04642","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-06T08:33:12Z","cross_cats_sorted":["cs.NI"],"title_canon_sha256":"9094c2e8a2ee1989c120a3ba4ede31216d7af9528cadb067ec8c0fd5499a0bd1","abstract_canon_sha256":"88097d4a169f164c185ba2a85a31848be9eb12737262c70a323f689e50ded2c1"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-29T02:05:45.983213Z","signature_b64":"gZ+JotJsdVSx83lUpjtIIbZv+yM9hqmCZFmpSPaPIF6pYFSkfBY4nocYP4uRVkYsywNUGG2PLZs4CJxvfQ/JBA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"ec34413c484e7ef6dd25043fac61d597e529f2ba2e1481e3a15e91ffa68193d0","last_reissued_at":"2026-05-29T02:05:45.982580Z","signature_status":"signed_v1","first_computed_at":"2026-05-29T02:05:45.982580Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Securing the Web with HSTS-Enforced","license":"http://creativecommons.org/licenses/by/4.0/","headline":"HSTS-Enforced defaults all web connections to HTTPS and requires explicit indicators for any site that must use HTTP.","cross_cats":["cs.NI"],"primary_cat":"cs.CR","authors_text":"Aaron van Diepen, Adrian Zapletal, Fernando Kuipers","submitted_at":"2026-05-06T08:33:12Z","abstract_excerpt":"TLS stripping attacks expose sensitive web traffic by forcing secure HTTPS connections to fall back to unencrypted HTTP. At present, protection against these attacks relies on website operators explicitly opting into security by deploying mechanisms such as HTTP Strict Transport Security (HSTS) headers. These mechanisms have significant limitations: some are weak or difficult to configure, which raises the risk of misconfiguration and reduces practical adoption; others violate HTTP backward compatibility; at least one can even be abused to enable unintended user tracking.\n  We introduce HSTS-E"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"HSTS-Enforced blocks all practical TLS stripping attempts while maintaining compatibility for sites that require HTTP - without introducing overhead in the typical case.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"That browsers, DNS resolvers, and site operators will correctly implement and use the proposed HTTP-Required indicators (new DNS record and preload list) without widespread misconfiguration or adoption failures.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"HSTS-Enforced flips web security to default HTTPS with explicit HTTP-Required indicators to block TLS stripping while preserving compatibility for sites needing HTTP.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"HSTS-Enforced defaults all web connections to HTTPS and requires explicit indicators for any site that must use HTTP.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"4a5995ad23ef8e93df069e02328e13515c64dd75cc5ea264e271f88455bb687e"},"source":{"id":"2605.04642","kind":"arxiv","version":1},"verdict":{"id":"e0db8bb9-d422-4e71-baf2-8bf028c5d714","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-08T17:33:04.592632Z","strongest_claim":"HSTS-Enforced blocks all practical TLS stripping attempts while maintaining compatibility for sites that require HTTP - without introducing overhead in the typical case.","one_line_summary":"HSTS-Enforced flips web security to default HTTPS with explicit HTTP-Required indicators to block TLS stripping while preserving compatibility for sites needing HTTP.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"That browsers, DNS resolvers, and site operators will correctly implement and use the proposed HTTP-Required indicators (new DNS record and preload list) without widespread misconfiguration or adoption failures.","pith_extraction_headline":"HSTS-Enforced defaults all web connections to HTTPS and requires explicit indicators for any site that must use HTTP."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.04642/integrity.json","findings":[],"available":true,"detectors_run":[{"name":"ai_meta_artifact","ran_at":"2026-05-20T11:36:25.269627Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_title_agreement","ran_at":"2026-05-19T22:31:19.918036Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_compliance","ran_at":"2026-05-19T14:16:13.562712Z","status":"completed","version":"1.0.0","findings_count":0}],"snapshot_sha256":"4dbec0d53794e6eee3ae7784d7934f01450d6b6efacd836ddc67e56799ac51d2"},"references":{"count":56,"sample":[{"doi":"","year":2000,"title":"HTTP Over TLS","work_id":"9912b05c-9f5d-475c-8a05-c692949174df","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2012,"title":"HTTP Strict Transport Security (HSTS)","work_id":"c4f8fa9b-90a4-48ec-8736-cabb3bb99140","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2009,"title":"New Tricks for Defeating SSL in Practice","work_id":"9d68f2a7-a3e4-4e4c-8cda-9efce1593e4f","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2009,"title":"More Tricks for Defeating SSL in Practice","work_id":"1d5f1662-d8aa-4ddc-be89-6d813ee1aa76","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2012,"title":"HSTS Preload List Submission","work_id":"80325fe5-e55c-4069-a6d6-9329c5c0f58a","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":56,"snapshot_sha256":"2bb20e5572e2922ca3c17fbd217e9064791ad93e7e280e8ffe15e94fded48176","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2605.04642","created_at":"2026-05-29T02:05:45.982668+00:00"},{"alias_kind":"arxiv_version","alias_value":"2605.04642v1","created_at":"2026-05-29T02:05:45.982668+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.04642","created_at":"2026-05-29T02:05:45.982668+00:00"},{"alias_kind":"pith_short_12","alias_value":"5Q2ECPCIJZ7P","created_at":"2026-05-29T02:05:45.982668+00:00"},{"alias_kind":"pith_short_16","alias_value":"5Q2ECPCIJZ7PNXJF","created_at":"2026-05-29T02:05:45.982668+00:00"},{"alias_kind":"pith_short_8","alias_value":"5Q2ECPCI","created_at":"2026-05-29T02:05:45.982668+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/5Q2ECPCIJZ7PNXJFAQ72YYOVS7","json":"https://pith.science/pith/5Q2ECPCIJZ7PNXJFAQ72YYOVS7.json","graph_json":"https://pith.science/api/pith-number/5Q2ECPCIJZ7PNXJFAQ72YYOVS7/graph.json","events_json":"https://pith.science/api/pith-number/5Q2ECPCIJZ7PNXJFAQ72YYOVS7/events.json","paper":"https://pith.science/paper/5Q2ECPCI"},"agent_actions":{"view_html":"https://pith.science/pith/5Q2ECPCIJZ7PNXJFAQ72YYOVS7","download_json":"https://pith.science/pith/5Q2ECPCIJZ7PNXJFAQ72YYOVS7.json","view_paper":"https://pith.science/paper/5Q2ECPCI","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2605.04642&json=true","fetch_graph":"https://pith.science/api/pith-number/5Q2ECPCIJZ7PNXJFAQ72YYOVS7/graph.json","fetch_events":"https://pith.science/api/pith-number/5Q2ECPCIJZ7PNXJFAQ72YYOVS7/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/5Q2ECPCIJZ7PNXJFAQ72YYOVS7/action/timestamp_anchor","attest_storage":"https://pith.science/pith/5Q2ECPCIJZ7PNXJFAQ72YYOVS7/action/storage_attestation","attest_author":"https://pith.science/pith/5Q2ECPCIJZ7PNXJFAQ72YYOVS7/action/author_attestation","sign_citation":"https://pith.science/pith/5Q2ECPCIJZ7PNXJFAQ72YYOVS7/action/citation_signature","submit_replication":"https://pith.science/pith/5Q2ECPCIJZ7PNXJFAQ72YYOVS7/action/replication_record"}},"created_at":"2026-05-29T02:05:45.982668+00:00","updated_at":"2026-05-29T02:05:45.982668+00:00"}