Re: The ability to automatically upgrade a reference to HTTPS from HTTP

On 2014-08-27 15:49, Kingsley Idehen wrote:
> On 8/27/14 6:47 AM, Graham Klyne wrote:
>> On 23/08/2014 01:47, Mark Nottingham wrote:
>>> The first thing that comes to mind is HSTS -
>>> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>>> https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
>>> http://tools.ietf.org/html/rfc6797
>>>
>>> … which basically allows a client to securely discover when they
>>> should stop using http:// for a given hostname.
>>>
>>> IIRC the general feeling on the sort of approach you outline is that
>>> the horse has already bolted; we can’t make blanket, retroactive
>>> changes to the entire Web.
>>
>> Rather than retroactive change, could something like this work?:
>>
>>    C: GET http:example.com/example HTTP/x.x
>>
>>    S: xxx ...  (2xx or 3xx)
>>    S:  :
>>    S: Link: https:example.com/example; rel=owl:sameas
>>
>> (I know the syntax isn't right, but I hope you get the idea.)
>>
>> #g
>> --
>
> +1
>
> Being explicit about the relations that connect the entities denotes by
> HTTP URIs is really the best long term approach.
>
> Link: https:example.com/example;
> rel="http://www.w3.org/2002/07/owl#sameAs"  .

Link: <https:example.com/example>; 
rel="http://www.w3.org/2002/07/owl#sameAs"  .

...

Received on Thursday, 28 August 2014 05:59:34 UTC