3

What attacks, if any, are possible if I connect to a public WiFi network and only use my computer to access a previously-visited site that uses HSTS? I believe that attacks such as SSLstrip are not possible if my browser has an up-to-date HSTS header on file for the site I visit. Are there other attacks that are possible?

For this question, let's assume that I am visiting a security-conscious site such as https://paypal.com that does not load any resources from 3rd-party sites. That is, I am visiting exactly one site.

Neil Smithline

1 Answer

8

Short answer:

Yes, for reasonable definitions of safe.

HSTS protects you against sslstrip type attacks for sites you have visited recently using a non-compromised connection (or for some browsers sites that are stored in a hardcoded "preload list").

The regular SSL CA system protects you against MITM attacks of ssl connections where the attacker has not compromised the CA system.

HKP (which is often used in conjunction with HSTS) provides you with a large degree of protection against compromises of the public CA system for sites you have visited before (or for some browsers sites that are stored in a hardcoded "preload list"). Exactly how much depends on what keys the site operator decides to pin; if they pin an intermediate cert rather than the server certs, then the entity controlling that intermediate cert can MITM you.

HKP does not protect against MITM attacks by roots you manually added to the trust store. This was a deliberate design decision to allow corporate SSL inspection systems to keep working.

No SSL based system protects you from MITM attacks if the attackers have managed to compromise the legitimate server's private key.

And of course there is always the risk of bugs in the protocol design or implementation or weaknesses in the underlying cryptography.

I covered a load of scenarios more explicitly in my (rather long) post at https://security.stackexchange.com/a/110004/79347.

Peter Green
  • I would add that Chromium (for now) is making strides to eliminate the "that you have already visited" requirement with [the HSTS PreLoad list](https://hstspreload.appspot.com/) – msanford Jan 30 '16 at 03:32
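The answer and the comment above turn on when a browser actually has an HSTS policy for a host: only after a recent visit over a clean HTTPS connection (within `max-age`), or because the host ships in the preload list. The following is an added illustration, not code from the post or from any browser; it models that policy cache so the "never visited", "expired", "includeSubDomains" and "preloaded" cases can be checked. The hostnames, header values and the stand-in preload list are constructed.

```python
# Model of a browser's HSTS policy cache (added example, not from the post).
# Hostnames, header values and the stand-in preload list are constructed.
import re
import time
from dataclasses import dataclass

PRELOAD = {"paypal.com": True}  # host -> includeSubDomains (constructed stand-in)

@dataclass
class Policy:
    expires: float            # absolute time after which the policy lapses
    include_subdomains: bool

class HstsStore:
    def __init__(self, preload=PRELOAD, clock=time.time):
        self.known = {}       # host -> Policy learned from earlier HTTPS visits
        self.preload = preload
        self.clock = clock    # injectable so expiry can be exercised in tests

    def record_header(self, host, header, over_https=True):
        """Learn a policy from a Strict-Transport-Security response header.
        The header is only honoured on HTTPS responses: over plain HTTP an
        on-path attacker could inject, alter or clear it."""
        if not over_https:
            return
        m = re.search(r"max-age\s*=\s*(\d+)", header, re.I)
        if not m:
            return
        max_age = int(m.group(1))
        if max_age == 0:      # max-age=0 tells the browser to forget the host
            self.known.pop(host, None)
            return
        subs = bool(re.search(r"includeSubDomains", header, re.I))
        self.known[host] = Policy(self.clock() + max_age, subs)

    def must_use_https(self, host):
        """True if an http:// request to host is upgraded before it leaves the
        browser, i.e. the host itself or a covering parent domain is either
        preloaded or has a cached, unexpired policy."""
        labels = host.split(".")
        for i in range(len(labels)):
            parent, exact = ".".join(labels[i:]), i == 0
            if parent in self.preload and (exact or self.preload[parent]):
                return True
            p = self.known.get(parent)
            if p and self.clock() < p.expires and (exact or p.include_subdomains):
                return True
        return False          # no policy: first visit or expired, so no upgrade
```

A `False` from `must_use_https` is exactly the window the answer describes: the browser has no reason to refuse a plain-HTTP connection for that host.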