- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 16 Mar 2015 09:25:37 +0100
- To: Mike West <mkwst@google.com>
- Cc: Mark Nottingham <mnotting@akamai.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
On Mon, Mar 16, 2015 at 9:22 AM, Mike West <mkwst@google.com> wrote: > As I've mentioned in some other threads, I think the link to HSTS is > aspirational. I believe that servers requiring this mechanism are going to > be unwilling to lock themselves into HTTPS right away. > > I'd prefer to ship something that solves the problem we know we have, and > build upon it to solve related problems once we have some implementation > experience and feedback from developers. Agreed. Strong coupling between features hinders adoption within legacy systems. We've learned this time and again. > Given that context, `Prefer: https` makes sense to me, and seems to cover > the cases we care about. Fair. -- https://annevankesteren.nl/
Received on Monday, 16 March 2015 08:26:04 UTC