Re: [upgrade] return=secure-representation

On Mon, Mar 16, 2015 at 9:22 AM, Mike West <mkwst@google.com> wrote:
> As I've mentioned in some other threads, I think the link to HSTS is
> aspirational. I believe that servers requiring this mechanism are going to
> be unwilling to lock themselves into HTTPS right away.
>
> I'd prefer to ship something that solves the problem we know we have, and
> build upon it to solve related problems once we have some implementation
> experience and feedback from developers.

Agreed. Strong coupling between features hinders adoption within
legacy systems. We've learned this time and again.


> Given that context, `Prefer: https` makes sense to me, and seems to cover
> the cases we care about.

Fair.


-- 
https://annevankesteren.nl/

Received on Monday, 16 March 2015 08:26:04 UTC