- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 6 Apr 2021 14:13:55 +1000
- To: Martin Thomson <mt@lowentropy.net>
- Cc: ietf-http-wg@w3.org
On 6 Apr 2021, at 12:47 pm, Martin Thomson <mt@lowentropy.net> wrote: > > Section 4.4.2 says " "https" is RECOMMENDED". I think that we can make this mandatory. I am not aware of any case today where unsecured HTTP would be appropriate. If non-compliance is necessary, I'm sure that a specification can make that case and directly address this point. I'm open to that. What do others think? Cheers, P.S. Can we talk about deprecating 'http' in Core, or do we have to wait for the next round? -- Mark Nottingham https://www.mnot.net/
Received on Tuesday, 6 April 2021 04:14:16 UTC