W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2015

Re: [upgrade] return=secure-representation

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 16 Mar 2015 09:25:37 +0100
Message-ID: <CADnb78gesF5cSyG551N4Bt3wNeYRCstR4WBKAW9VQTaSLNMNuw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Mark Nottingham <mnotting@akamai.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
On Mon, Mar 16, 2015 at 9:22 AM, Mike West <mkwst@google.com> wrote:
> As I've mentioned in some other threads, I think the link to HSTS is
> aspirational. I believe that servers requiring this mechanism are going to
> be unwilling to lock themselves into HTTPS right away.
> I'd prefer to ship something that solves the problem we know we have, and
> build upon it to solve related problems once we have some implementation
> experience and feedback from developers.

Agreed. Strong coupling between features hinders adoption within
legacy systems. We've learned this time and again.

> Given that context, `Prefer: https` makes sense to me, and seems to cover
> the cases we care about.


Received on Monday, 16 March 2015 08:26:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:47 UTC