On Wed, Feb 4, 2015 at 9:07 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Wed, Feb 4, 2015 at 5:46 AM, Daniel Kahn Gillmor
> <dkg@fifthhorseman.net> wrote:
> > However, I see no reason that we should avoid coupling opportunistic
> > upgrade for blocked mixed content for sites already using STS. Is there
> > a coupling objection to this use case that i'm missing?
>
> Simplicity. Let HSTS not have unanticipated side effects. Note also
> that what is blockable mixed content is not a constant.
>

*shrug* This seems totally reasonable to me as something to experiment with. As Daniel notes, these pages are broken currently. If we try to fix them optimistically, and accidentally break them in a different way than they're already broken, we haven't lost much.

The argument from side-effects is much more powerful with regard to the stuff we're not blocking yet. There I'm willing to believe that optimistically upgrading without opt-in from the author could do more harm than good.

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Wednesday, 4 February 2015 08:13:56 UTC