W3C home > Mailing lists > Public > www-tag@w3.org > December 2003

Section on https

From: Tim Bray <tbray@textuality.com>
Date: Thu, 4 Dec 2003 09:37:30 -0800
Message-Id: <89429A00-2680-11D8-A7A9-000A95A51C9E@textuality.com>
To: 'www-tag@w3.org' <www-tag@w3.org>

We nuked this due to under-cookedness.  I'm sympathetic to Ian's point, 
so I've shaken & stirred the existing language slightly; I understand 
the date is very late, but if lots of TAG members write back and say 
"yes" maybe it could squeeze in:

===============================================================

The "https" scheme [RFC2818] is an example of a URI scheme that, though 
commonly implemented by agents, is problematic; it does not differ from 
"http" except that it indicates that agents should expect to use HTTP 
over TLS when dereferencing these URIs. However, HTTP agents can 
negotiate a secure exchange whatever the URI scheme, so the scheme did 
not provide missing functionality.  Changes in the security policy for 
a resource identified by an "https" URI may require publication of a 
new non-https URI. Security policy management can be managed without 
requiring URIs to change; see the section on URI persistence for more 
information.
Received on Thursday, 4 December 2003 12:43:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:23 GMT