On Mon, Sep 21, 2015 at 1:33 PM, Richard Barnes <rbarnes@mozilla.com> wrote: > > > On Mon, Sep 21, 2015 at 1:29 PM, Anne van Kesteren <annevk@annevk.nl> > wrote: > >> On Mon, Sep 21, 2015 at 2:06 PM, Mike West <mkwst@google.com> wrote: >> > On Mon, Sep 21, 2015 at 1:48 PM, Jose Kahan <jose.kahan@w3.org> wrote: >> >> We need a solution that will allow to assume all content is https, >> >> in perpetuity, without needing to upgrade all legacy content. >> > >> > That seems like an unfortunate design decision. I hope you'll change >> your >> > mind over time. :) >> >> Why? >> >> The header makes the two types of content identical. User agents not >> implementing the header will be considered broken in due course, just >> like user agents not supporting the Host header are today. >> >> I really don't think we should give folks the impression that one is >> better than the other long term, or worse, that the header might go >> away. That just harms adoption. >> > > +1 > > Once we're in a world where we can apply a "universal HSTS" policy, > there's no reason to continue hating on "http:" URIs. > Sure, but that world is a long ways away, much longer than the W3C should wait to start demonstrating leadership with HTTPS/HSTS on w3.org. -- Eric > > >> >> >> -- >> https://annevankesteren.nl/ >> >> > -- konklone.com | @konklone <https://twitter.com/konklone>
Received on Monday, 21 September 2015 17:54:08 UTC