On Nov 10, 2013, at 11:53 AM, Julian Reschke <julian.reschke@gmx.de> wrote: > On 2013-11-10 05:11, Yoav Nir wrote: >> I'm stumped about #3 myself. >> >> The literal interpretation is that you follow (or type in) an http:// >> link, get a response, and in the response learn that this is also >> available with SSL. So the client attempts to upgrade to SSL, and >> receives a valid certificate. So, yay! >> >> But in that case, why is the http:// link out there at all, and if >> anybody types it in, why not immediately redirect to https:// as pretty >> much all sites using SSL do? > > Redirecting means changing the URI (bookmarks etc), and also implies running the service both on port 80 and 443. Right. But that's a good thing for a site with a valid certificate, no? Even port 80 doesn't have the same service as port 443, but just something that redirects all requests to the https equivalent. I just don't see why opportunistic encryption is useful for sites with a valid certificate. I think OE is needed for the 70% of websites ([1]) that don't have a valid certificate. Yoav [1] http://w3techs.com/technologies/overview/ssl_certificate/allReceived on Sunday, 10 November 2013 21:30:28 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:38 UTC