Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header)

On Thu, Feb 5, 2015 at 1:18 PM, Brad Hill <> wrote:

> Just FYI, that the websec WG in the IETF is basically in the process of
> being decommissioned, so getting a standards-track RFC number for an updated
> HSTS draft isn't likely to be a quick exercise.

And that is a good thing. Standards should standardize existing
known-to-work practice, not be untried designs (by committee). I
suggest: document any HSTS extensions in Internet-Draft form; get 2
open source implementations, try it out for a while and see if it
works and if people really want it; and then optionally RFC-ify later.

Received on Thursday, 5 February 2015 21:49:56 UTC