Re: Testing W3C's HTTPS setup

On Mon, Sep 21, 2015 at 1:33 PM, Richard Barnes <rbarnes@mozilla.com> wrote:

>
>
> On Mon, Sep 21, 2015 at 1:29 PM, Anne van Kesteren <annevk@annevk.nl>
> wrote:
>
>> On Mon, Sep 21, 2015 at 2:06 PM, Mike West <mkwst@google.com> wrote:
>> > On Mon, Sep 21, 2015 at 1:48 PM, Jose Kahan <jose.kahan@w3.org> wrote:
>> >> We need a solution that will allow to assume all content is https,
>> >> in perpetuity, without needing to upgrade all legacy content.
>> >
>> > That seems like an unfortunate design decision. I hope you'll change
>> your
>> > mind over time. :)
>>
>> Why?
>>
>> The header makes the two types of content identical. User agents not
>> implementing the header will be considered broken in due course, just
>> like user agents not supporting the Host header are today.
>>
>> I really don't think we should give folks the impression that one is
>> better than the other long term, or worse, that the header might go
>> away. That just harms adoption.
>>
>
> +1
>
> Once we're in a world where we can apply a "universal HSTS" policy,
> there's no reason to continue hating on "http:" URIs.
>

Sure, but that world is a long ways away, much longer than the W3C should
wait to start demonstrating leadership with HTTPS/HSTS on w3.org.

-- Eric


>
>
>>
>>
>> --
>> https://annevankesteren.nl/
>>
>>
>


-- 
konklone.com | @konklone <https://twitter.com/konklone>

Received on Monday, 21 September 2015 17:54:08 UTC