W3C home > Mailing lists > Public > www-tag@w3.org > March 2006

Re: The 's' in https: more trouble than it's worth? [metadataInURI-31]

From: Dan Connolly <connolly@w3.org>
Date: Mon, 20 Mar 2006 13:50:21 -0600
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: www-tag <www-tag@w3.org>
Message-Id: <1142884221.12963.77.camel@dirk.w3.org>

On Sun, 2006-03-19 at 20:57 -0800, Roy T. Fielding wrote:
[...]
> > There was some argument that http: is enough, combined with...
> >
> >   Upgrading to TLS Within HTTP/1.1 Khare and Lawrence May 2000
> >   http://www.ietf.org/rfc/rfc2817.txt
> 
> Well, whoever argued that is flat out wrong and should read the HTTP
> archives.

How about we save them the trouble; i.e. excerpt the argument from
the archives and include it in the metadataInURI-31 finding?

I'm not sure where to start looking.

Bonus points to anybody who beats me to it.

>   https is still needed to inform the client that privacy
> is needed.  Upgrade only removes the need for a separate port.  I
> explained it in detail when BEEP had the same issue, but I don't know
> where the archives of that list went.

Yet another reason to make this argument easier to find.

> ....Roy
-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
Received on Monday, 20 March 2006 19:50:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:39 GMT