W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2015

Re: HSTS Priming, continued.

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 11 Nov 2015 16:04:46 -0800
Message-ID: <CABkgnnUH2-T_bY4Lfc4Tn6Nj_PcOpq01FxjLRw3PAAGq6RbDSQ@mail.gmail.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, WebAppSec WG <public-webappsec@w3.org>
On 11 November 2015 at 14:44, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> In particular, I think it's a feature, not a bug, to introduce
> additional latency for cleartext traffic.  I'd love to be able to say to
> a server operator "you should offer your site under HTTPS, it will be
> faster"

Unfortunately, this is something that the server operator doesn't see,
it's something that they inflict on others.

That said, I might be inclined to agree with you.  But as a practical
matter I don't think that we can degrade performance like that unless
we all agree to the same terms.  That sort of performance hit can
cause folks like Eric to encourage their users to use other browsers
and no browser vendor wants that.
Received on Thursday, 12 November 2015 00:05:18 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:16 UTC