W3C home > Mailing lists > Public > www-tag@w3.org > December 2003

Re: Section on https

From: Mark Baker <distobj@acm.org>
Date: Thu, 4 Dec 2003 13:28:14 -0500
To: Tim Bray <tbray@textuality.com>
Cc: "'www-tag @ w3. org'" <www-tag@w3.org>
Message-ID: <20031204132814.B2937@www.markbaker.ca>

Nice.  You might also want to reference RFC 2817 as an example of
the negotiated approach.

On Thu, Dec 04, 2003 at 09:37:30AM -0800, Tim Bray wrote:
> 
> We nuked this due to under-cookedness.  I'm sympathetic to Ian's point, 
> so I've shaken & stirred the existing language slightly; I understand 
> the date is very late, but if lots of TAG members write back and say 
> "yes" maybe it could squeeze in:
> 
> ===============================================================
> 
> The "https" scheme [RFC2818] is an example of a URI scheme that, though 
> commonly implemented by agents, is problematic; it does not differ from 
> "http" except that it indicates that agents should expect to use HTTP 
> over TLS when dereferencing these URIs. However, HTTP agents can 
> negotiate a secure exchange whatever the URI scheme, so the scheme did 
> not provide missing functionality.  Changes in the security policy for 
> a resource identified by an "https" URI may require publication of a 
> new non-https URI. Security policy management can be managed without 
> requiring URIs to change; see the section on URI persistence for more 
> information.

-- 
Mark Baker.   Ottawa, Ontario, CANADA.        http://www.markbaker.ca
Received on Thursday, 4 December 2003 13:25:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:23 GMT