- From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Date: Mon, 16 Mar 2015 02:12:53 -0400
- To: "Nottingham\, Mark" <mnotting@akamai.com>, Mike West <mkwst@google.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On Sun 2015-03-15 22:01:00 -0400, Nottingham, Mark wrote:
> WFM. The only thing is that it doesn't include wss: (etc.); that said,
> if the semantics are really "redirect me" not "send me a page with
> secure links", this should be fine (websockets doesn't have a concept
> of redirection).
I think the semantics are likely to include some sense of "it's safe to
send me HSTS" as well, not just "redirect me", unless we are willing to
consider some flavor of the HSTS2 suggestion.
--dkg
Received on Monday, 16 March 2015 06:13:23 UTC