- From: Jacob Hoffman-Andrews <jsha@eff.org>
- Date: Tue, 03 Feb 2015 18:20:32 -0800
- To: Tom Ritter <tom@ritter.vg>, Anne van Kesteren <annevk@annevk.nl>
- CC: Mike West <mkwst@google.com>, Ryan Sleevi <sleevi@google.com>, Eduardo' Vela <evn@google.com>, Wendy Seltzer <wseltzer@w3.org>, Adam Langley <agl@google.com>, WebAppSec WG <public-webappsec@w3.org>, Peter Eckersley <pde@eff.org>

> And it's why people pay tens or hundreds of thousands of dollars to
> CDNs to support clients who don't send SNI? Clearly not. =) I think
> maintaining compatibility with existing clients is very important for
> businesses, and a feature that breaks the experience for some
> percentage of them is a feature they won't use.

A business whose HTTPS implementation is partial-- that is, their site works only if the 'upgrade-unsafe' directive is present-- can use UA detection to redirect only those clients known to support 'upgrade-unsafe' to their HTTPS site. Older clients can remain on the HTTP site until the business either rewrites all links internally or decides to deprecate support for those clients.

Received on Wednesday, 4 February 2015 02:21:04 UTC