Re: The ability to automatically upgrade a reference to HTTPS from HTTP

On 8/27/14 6:47 AM, Graham Klyne wrote:
> On 23/08/2014 01:47, Mark Nottingham wrote:
>> The first thing that comes to mind is HSTS -
>> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>> https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
>> http://tools.ietf.org/html/rfc6797
>>
>> … which basically allows a client to securely discover when they 
>> should stop using http:// for a given hostname.
>>
>> IIRC the general feeling on the sort of approach you outline is that 
>> the horse has already bolted; we can’t make blanket, retroactive 
>> changes to the entire Web.
>
> Rather than retroactive change, could something like this work?:
>
>    C: GET http:example.com/example HTTP/x.x
>
>    S: xxx ...  (2xx or 3xx)
>    S:  :
>    S: Link: https:example.com/example; rel=owl:sameas
>
> (I know the syntax isn't right, but I hope you get the idea.)
>
> #g
> -- 

+1

Being explicit about the relations that connect the entities denotes by 
HTTP URIs is really the best long term approach.

Link: https:example.com/example; 
rel="http://www.w3.org/2002/07/owl#sameAs"  .


-- 
Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Received on Wednesday, 27 August 2014 13:49:33 UTC