Re: HSTS Priming, continued. from Martin Thomson on 2015-11-12 (public-webappsec@w3.org from November 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 11 Nov 2015 16:04:46 -0800
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CABkgnnUH2-T_bY4Lfc4Tn6Nj_PcOpq01FxjLRw3PAAGq6RbDSQ@mail.gmail.com>

On 11 November 2015 at 14:44, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> In particular, I think it's a feature, not a bug, to introduce
> additional latency for cleartext traffic.  I'd love to be able to say to
> a server operator "you should offer your site under HTTPS, it will be
> faster"

Unfortunately, this is something that the server operator doesn't see,
it's something that they inflict on others.

That said, I might be inclined to agree with you.  But as a practical
matter I don't think that we can degrade performance like that unless
we all agree to the same terms.  That sort of performance hit can
cause folks like Eric to encourage their users to use other browsers
and no browser vendor wants that.

Received on Thursday, 12 November 2015 00:05:18 UTC