- From: <jon@hackcraft.net>
- Date: Thu, 4 Dec 2003 17:48:42 +0000
- To: Tim Bray <tbray@textuality.com>
- Cc: "'www-tag@w3.org'" <www-tag@w3.org>
> We nuked this due to under-cookedness. I'm sympathetic to Ian's point,
> so I've shaken & stirred the existing language slightly; I understand
> the date is very late, but if lots of TAG members write back and say
> "yes" maybe it could squeeze in:
>
> ===============================================================
>
> The "https" scheme [RFC2818] is an example of a URI scheme that, though
> commonly implemented by agents, is problematic; it does not differ from
> "http" except that it indicates that agents should expect to use HTTP
> over TLS when dereferencing these URIs. However, HTTP agents can
> negotiate a secure exchange whatever the URI scheme, so the scheme did
> not provide missing functionality. Changes in the security policy for
> a resource identified by an "https" URI may require publication of a
> new non-https URI. Security policy management can be managed without
> requiring URIs to change; see the section on URI persistence for more
> information.
Might it be worth adding something about default port numbers, URL schemes, and
the IANA policy of no longer assigning ports numbers to secure-form-of-X?
--
Jon Hanna | Toys and books
<http://www.hackcraft.net/> | for hospitals:
| <http://santa.boards.ie/>
Received on Thursday, 4 December 2003 12:48:44 UTC