
Re: [upgrade] return=secure-representation

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 16 Mar 2015 02:12:53 -0400
To: "Nottingham, Mark" <mnotting@akamai.com>, Mike West <mkwst@google.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <87a8zdsc62.fsf@alice.fifthhorseman.net>

On Sun 2015-03-15 22:01:00 -0400, Nottingham, Mark wrote:
> WFM. The only thing is that it doesn't include wss: (etc.); that said,
> if the semantics are really "redirect me" not "send me a page with
> secure links", this should be fine (websockets doesn't have a concept
> of redirection).

I think the semantics are likely to include some sense of "it's safe to
send me HSTS" as well, not just "redirect me", unless we are willing to
consider some flavor of the HSTS2 suggestion.

         --dkg
Received on Monday, 16 March 2015 06:13:23 UTC
