- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 6 Feb 2012 16:10:00 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 6 February 2012 15:55, Mark Nottingham <mnot@mnot.net> wrote:
> I'm now wondering if we should consider removing this requirement altogether.

Remove it. I imagine that the original idea was that you might want to prevent a server from getting you to pass your secrets to some other server. Or that it might do a bait and switch. In a world with clickjacking, this sort of measure just seems naive.
Received on Tuesday, 7 February 2012 00:14:14 UTC