ISSUE-168: Section 5.5.2 might be over-restrictive, especially on first-visit-redirect [wsc-xit] from Web Security Context Working Group Issue Tracker on 2008-01-07 (public-wsc-wg@w3.org from January 2008)

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Mon, 7 Jan 2008 14:37:49 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20080107143749.A1240C6DB0@barney.w3.org>

ISSUE-168: Section 5.5.2 might be over-restrictive, especially on first-visit-redirect [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Johnathan Nightingale
On product: wsc-xit

Should we make an explicit exception for the paypal case here, where typing "paypal.com<enter>" into a location bar causes an immediate redirect to https://www.paypal.com?  Treating that as "insecure" feels wrong to me, even though as a matter of general principle, redirecting through http is indeed dangerous.

Received on Monday, 7 January 2008 14:37:52 UTC