- From: Phil Archer <phila@w3.org>
- Date: Wed, 13 Apr 2016 17:29:25 +0100
- To: SDW WG Public List <public-sdw-wg@w3.org>
Earlier today we talked about whether HTTP or HTTPS is the correct scheme to use. In the few hours since that discussion there has been further traffic here at W3C Towers that is likely to lead to a new policy. The policy will, however, only apply to w3.org, it isn't a general "this is what everyone should do." It's complicated by HSTS [1] and UIR [2] which are new protocols designed to help the general migration to secure connections. We have implemented these for our website as have *some* but not all browsers. So what about the general case? I can only say that it is, of course, up to domain owners how they manage their Web space in this regard. I do think, however, that we can say that where two URLs differ only in the scheme (HTTP or HTTPS) they should dereference to the same resource. All being well, we'll have our own policy sorted for documents on w3.org within the next week or so. This will affect our document editors. For tracker, this is related to action-107. Phil [1] HSTS = HTTP Strict Transport Security (RFC 6797 https://tools.ietf.org/html/rfc6797) [2] UIR = Upgrade Insecure Requests (W3C CR https://www.w3.org/TR/upgrade-insecure-requests/) -- Phil Archer W3C Data Activity Lead http://www.w3.org/2013/data/ http://philarcher.org +44 (0)7887 767755 @philarcher1
Received on Wednesday, 13 April 2016 16:29:38 UTC