On Mon, Sep 21, 2015 at 1:29 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Mon, Sep 21, 2015 at 2:06 PM, Mike West <mkwst@google.com> wrote:
> > On Mon, Sep 21, 2015 at 1:48 PM, Jose Kahan <jose.kahan@w3.org> wrote:
> >> We need a solution that will allow to assume all content is https,
> >> in perpetuity, without needing to upgrade all legacy content.
> >
> > That seems like an unfortunate design decision. I hope you'll change your
> > mind over time. :)
>
> Why?
>
> The header makes the two types of content identical. User agents not
> implementing the header will be considered broken in due course, just
> like user agents not supporting the Host header are today.
>
> I really don't think we should give folks the impression that one is
> better than the other long term, or worse, that the header might go
> away. That just harms adoption.
>
+1
Once we're in a world where we can apply a "universal HSTS" policy, there's
no reason to continue hating on "http:" URIs.
>
>
> --
> https://annevankesteren.nl/
>
>