Re: UPGRADE: 'HTTPS' header causing compatibility issues.

The following is the shorter and perhaps more accurate:
encrypt-insecure: 1

I'd still like:
Prefer: encrypt-insecure

On 9 July 2015 at 07:39, Mike West <mkwst@google.com> wrote:

> It feels like a distinction without meaning, especially given that we know
> passive monitoring is happening on a wide scale. Calling unencrypted
> transport affirmatively "insecure" seems fairly reasonable.
>
> -mike
> On Jul 9, 2015 06:54, "Martin Thomson" <martin.thomson@gmail.com> wrote:
>
>> On 8 July 2015 at 21:44, Richard Barnes <rbarnes@mozilla.com> wrote:
>> > If the web can live with "Referer", it can live with this.  But it seems
>> > roughly the same order of magnitude.  It makes me "sic" :)
>>
>>
>> Sounds about right. Find another perspective, like 'update-to-secure'
>> if you want to avoid seeming insecure.
>>
>

Received on Thursday, 9 July 2015 08:09:27 UTC