W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Alt-Svc and HSTS

From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Mon, 30 Mar 2015 09:57:01 +0900
Message-ID: <CAPyZ6=+smQVkn_4Urtj__1uiGRKn-x8Vs0JrnKW1DhM_ZCYH9Q@mail.gmail.com>
To: ietf-http-wg@w3.org
Hi,

I enabled HSTS for https://nghttp2.org a while back.  Few days ago, I
enabled Alt-Svc at http://nghttp2.org with h2="nghttp2.org:443". OE works
fine with Firefox Nightly and so far so good.
Then I got a comment[1] from twitter that "if there is HSTS, all requests
should be https to start with, so no Alt-Svc."
The comment is understandable when considering the effect of HSTS, but
should Alt-Svc really be avoided in this case?  If HSTS is used, we
probably should do automatic redirect to https from http, so this scenario
is not a real use case.

[1] https://mobile.twitter.com/ericlaw/statuses/582217188062298113

Best regards,
Tatsuhiro Tsujikawa
Received on Monday, 30 March 2015 00:57:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:43 UTC