W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: HTTP without being HTTPS all the time

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Thu, 19 Jul 2012 20:01:35 +0000
To: Willy Tarreau <w@1wt.eu>
cc: Mike Belshe <mike@belshe.com>, httpbis mailing list <ietf-http-wg@w3.org>
Message-ID: <18936.1342728095@critter.freebsd.dk>
In message <20120719184924.GM16208@1wt.eu>, Willy Tarreau writes:

>As usual, Adam gave a nice description there, and I'm sure many of us are
>aware of the issues he describes. I'm among those who consider that having
>only some pages of a site secured is dangerous. Either the site is clear or
>it's not.

What about sites that are HTTP until you log in, then switch to HTTPS ?

That's a perfectly fair & sensible way to avoid spending resources
on non-paying visitors.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 19 July 2012 20:02:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 19 July 2012 20:02:09 GMT