On Tue, Feb 2, 2016 at 4:00 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Mon, Feb 1, 2016 at 11:27 PM, Eric Mill <eric@konklone.com> wrote:
> > However, the underlying issue driving HSTS priming (and why the HSTS
> check
> > currently comes after mixed content checking) is to make it so users have
> > deterministic and consistent experiences. Since preloading also
> guarantees
> > that consistency, you could also imagine an interim step being taken,
> before
> > this priming proposal is finalized and before the priming ping is
> > implemented anywhere, where preloaded HSTS is put ahead of mixed content
> > checking.
>
> I think there are two issues with this:
>
> 1. Last I heard some software, e.g., Firefox OS, did not perform
> preloading due to the size of the table.
> 2. What happens if large host providers bundle LE / HSTS / preload?
> Scaling the preload system is a good problem to have, but it seems
> like we need something there if we are going to make it part of the
> way other standards work.
>
That's part of why priming is nice -- it gives you the determinism of
preloading, while letting you trade an RTT for not preloading.
--Richard
>
>
> --
> https://annevankesteren.nl/
>