Re: Upgrade mixed content URLs through HTTP header

On Wed, Feb 4, 2015 at 9:07 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Wed, Feb 4, 2015 at 5:46 AM, Daniel Kahn Gillmor
> <dkg@fifthhorseman.net> wrote:
> > However, I see no reason that we should avoid coupling opportunistic
> > upgrade for blocked mixed content for sites already using STS.  Is there
> > a coupling objection to this use case that I'm missing?
>
> Simplicity. Let HSTS not have unanticipated side effects. Note also
> that what is blockable mixed content is not a constant.
>

*shrug* This seems totally reasonable to me as something to experiment
with. As Daniel notes, these pages are broken currently. If we try to fix
them optimistically, and accidentally break them in a different way than
they're already broken, we haven't lost much.

The argument from side-effects is much more powerful with regard to the
stuff we're not blocking yet. There I'm willing to believe that
optimistically upgrading without opt-in from the author could do more harm
than good.

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Wednesday, 4 February 2015 08:13:56 UTC
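The distinction Mike draws above (upgrading mixed content that is already blocked costs little; upgrading content browsers still load could break pages) is easy to see in a small model. The following Python is an added illustration, not code from this thread, from any browser, or from the MIX/HSTS specifications. The policy names, the HSTS cache shape, the resource-kind sets and the sample URLs are all assumptions constructed for the example.

```python
"""Toy model of the three mixed-content policies discussed in the thread.

Added illustration only: policy names, the HSTS cache and the sample
requests are assumptions, not any browser's actual implementation.
"""
from urllib.parse import urlsplit, urlunsplit

# Resource kinds treated as "blockable" mixed content. As Anne notes the
# real set is not constant; this snapshot is an assumption for the example.
BLOCKABLE = {"script", "iframe", "xhr", "stylesheet", "font", "websocket"}
# Kinds browsers still load (with a warning) at the time of the thread.
OPTIONALLY_BLOCKABLE = {"image", "audio", "video"}


class HstsCache:
    """Minimal HSTS store: host -> (expiry timestamp, includeSubDomains)."""

    def __init__(self):
        self._entries = {}

    def add(self, host, max_age, include_subdomains, now):
        self._entries[host.lower()] = (now + max_age, include_subdomains)

    def matches(self, host, now):
        """True if host, or a parent with includeSubDomains, has a live entry."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires, include_subdomains = entry
            if expires <= now:
                continue  # expired entry: no HSTS guarantee any more
            if i == 0 or include_subdomains:
                return True
        return False


def upgrade_url(url):
    """Rewrite an http:// URL to https://, mapping port 80 to the default."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port not in (None, 80):
        host = f"{host}:{parts.port}"  # non-default ports are kept as-is
    return urlunsplit(("https", host, parts.path, parts.query, parts.fragment))


def decide(page_url, request_url, kind, hsts, policy, now):
    """Return (action, url) for a subresource fetch issued by a page.

    policy is one of (names are assumptions for this example):
      "status-quo"      block blockable mixed content, allow the rest.
      "upgrade-blocked" additionally upgrade blockable mixed content whose
                        host has an HSTS entry (the coupling under discussion).
      "upgrade-all"     upgrade any mixed content on HSTS hosts, including
                        kinds that are not blocked yet (the variant Mike is
                        wary of, since it changes pages that currently work).
    """
    page = urlsplit(page_url)
    req = urlsplit(request_url)
    if page.scheme != "https" or req.scheme != "http":
        return ("allow", request_url)  # not mixed content at all
    on_hsts_host = hsts.matches(req.hostname or "", now)
    if kind in BLOCKABLE:
        if policy in ("upgrade-blocked", "upgrade-all") and on_hsts_host:
            return ("upgrade", upgrade_url(request_url))
        return ("block", request_url)
    # optionally-blockable kinds: loaded today, so upgrading them can only
    # change behaviour of pages that are not broken yet
    if policy == "upgrade-all" and on_hsts_host:
        return ("upgrade", upgrade_url(request_url))
    return ("allow", request_url)


def demo(now=1_000):
    """Run constructed sample requests through all three policies."""
    hsts = HstsCache()
    hsts.add("cdn.example", max_age=3600, include_subdomains=True, now=now)  # constructed
    page = "https://shop.example/checkout"
    requests = [  # constructed sample subresources
        ("http://cdn.example/app.js", "script"),
        ("http://static.cdn.example/ui.css", "stylesheet"),
        ("http://cdn.example/logo.png", "image"),
        ("http://legacy.example/widget.js", "script"),
    ]
    return {policy: [decide(page, u, k, hsts, policy, now) for u, k in requests]
            for policy in ("status-quo", "upgrade-blocked", "upgrade-all")}


if __name__ == "__main__":
    for policy, results in demo().items():
        print(policy)
        for action, url in results:
            print(f"  {action:8} {url}")
```

Under "upgrade-blocked" the only requests whose outcome changes are ones that "status-quo" already blocks, which is Mike's point that little is lost if the optimistic upgrade fails. Under "upgrade-all" the image that loads fine today is rewritten as well, so an HSTS header on the CDN would silently alter a working page.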