- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 29 Jul 2025 13:27:00 +1000
- To: Martin Thomson <mt@lowentropy.net>
- Cc: ietf-http-wg@w3.org, draft-ietf-httpapi-privacy.all@ietf.org, httpapi@ietf.org
This is key - > Another issue is that the draft assumes that the client is configured with a domain name or cleartext http:// URI, not an https:// URI. I think that's a mistake. APIs generally start with a URI and insisting that this be https://whatever isn't so difficult. The HTTP/HTTPS redirect is an artefact of humans typing URLs into web browsers. Is there any similar pattern in API usage? Cheers, -- Mark Nottingham https://www.mnot.net/
Received on Tuesday, 29 July 2025 03:27:11 UTC