W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2015

Re: [UPGRADE]: What's left?

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 6 Mar 2015 11:16:50 -0800
Message-ID: <CABkgnnWwGXfz3uF5QtwT1Hi_2v2fpB0ouuoTevWC3e1nwAOQDg@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Peter Eckersley <pde@eff.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Jeff Hodges <Jeff.Hodges@kingsmountain.com>, Tanvi Vyas <tanvi@mozilla.com>, Yves Lafon <ylafon@w3.org>, T Guild <ted@w3.org>, Daniel Appelquist <appelquist@gmail.com>, Alex Russell <slightlyoff@google.com>, Ilya Grigorik <igrigorik@google.com>, Yoav Weiss <yoav@yoav.ws>
On 6 March 2015 at 10:43, Mike West <mkwst@google.com> wrote:
> I don't understand why HSTS needs to be conditionally set. Presumably you're
> only redirecting "safely upgradable requests" to HTTPS if you're this spec's
> target audience.

I understood this as "If you support this upgrade, might as well just
use HSTS".  But can't save the extra bytes by disabling this signal if
HSTS is enabled?
Received on Friday, 6 March 2015 19:17:22 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:11 UTC