- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Wed, 10 Dec 2014 18:05:37 +0000
- To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-web-security@w3.org" <public-web-security@w3.org>
On 10/12/14 17:02, GALINDO Virginie wrote: > About secure origin discussion, and for the ones who missed it, there > is an interesting conversation going on in W3C TAG mailing list > (transitioning the Web to HTTPS [1]), based on the finding edited by > Mark Nottingham https://w3ctag.github.io/web-https/ Good stuff. > I guess all > opinion are welcome on that matter on the public tag list. Go for it where possible. When not, then go for HTTP URIs via TLS as per [1], or at least recommend experimenting with [1]. More generally, considering how [2] applies could well be useful here. ([2] btw is an approved IETF document and is currently in the RFC editor queue.) I'm sure its known but all of this is nicely in line with RFC 7258 (already referenced) but also with the recent IAB statement [3] which should also be a useful reference. S. [1] https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption [2] https://tools.ietf.org/html/draft-dukhovni-opportunistic-security [3] https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/
Received on Wednesday, 10 December 2014 18:06:13 UTC