Re: Testing W3C's HTTPS setup from Mike West on 2015-10-05 (public-webappsec@w3.org from October 2015)

From: Mike West <mkwst@google.com>
Date: Mon, 5 Oct 2015 09:39:38 +0200
To: Jose Kahan <jose.kahan@w3.org>
Cc: Wendy Seltzer <wseltzer@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKXHy=eBjjYgmcErsphkF9H9_cNzKREw-bb6BJGvT6P-y1mzQQ@mail.gmail.com>

On Wed, Sep 23, 2015 at 6:29 AM, Mike West <mkwst@google.com> wrote:

> On Mon, Sep 21, 2015 at 1:22 PM, Jose Kahan <jose.kahan@w3.org> wrote:
>
>> If there's no other available solution at the moment that fixes
>> firefox's behavior, we'll have to roll-back.
>>
>
> Hi Jose!
>
> It looks like you've rolled things back. I still don't understand what you
> need in order to roll things out again.
>
> Can you help me understand your expectations around HSTS and
> `upgrade-insecure-requests`? In particular, it's not at all clear to me
> what was happening in Firefox that wasn't happening in other browsers that
> don't support the header (which, presumably, you also want to support on
> the website).
>

Ping. :)

-mike

Received on Monday, 5 October 2015 07:40:35 UTC