HTTP/HTTPS

Earlier today we talked about whether HTTP or HTTPS is the correct 
scheme to use.

In the few hours since that discussion there has been further traffic 
here at W3C Towers that is likely to lead to a new policy. The policy 
will, however, only apply to w3.org; it isn't a general "this is what 
everyone should do."

It's complicated by HSTS [1] and UIR [2], which are new protocols 
designed to help the general migration to secure connections. We have 
implemented these for our website as have *some* but not all browsers.

So what about the general case? I can only say that it is, of course, up 
to domain owners how they manage their Web space in this regard. I do 
think, however, that we can say that where two URLs differ only in the 
scheme (HTTP or HTTPS) they should dereference to the same resource.

All being well, we'll have our own policy sorted for documents on w3.org 
within the next week or so. This will affect our document editors.

For tracker, this is related to action-107.

Phil


[1] HSTS = HTTP Strict Transport Security (RFC 6797 
https://tools.ietf.org/html/rfc6797)

[2] UIR = Upgrade Insecure Requests (W3C CR 
https://www.w3.org/TR/upgrade-insecure-requests/)


-- 


Phil Archer
W3C Data Activity Lead
http://www.w3.org/2013/data/

http://philarcher.org
+44 (0)7887 767755
@philarcher1

Received on Wednesday, 13 April 2016 16:29:38 UTC