Re: The 's' in https: more trouble than it's worth? [metadataInURI-31]

On Sun, 2006-03-19 at 20:57 -0800, Roy T. Fielding wrote:
> > There was some argument that http: is enough, combined with...
> >
> >   Upgrading to TLS Within HTTP/1.1 Khare and Lawrence May 2000
> >
> Well, whoever argued that is flat out wrong and should read the HTTP
> archives.

How about we save them the trouble; i.e. excerpt the argument from
the archives and include it in the metadataInURI-31 finding?

I'm not sure where to start looking.

Bonus points to anybody who beats me to it.

>   https is still needed to inform the client that privacy
> is needed.  Upgrade only removes the need for a separate port.  I
> explained it in detail when BEEP had the same issue, but I don't know
> where the archives of that list went.

Yet another reason to make this argument easier to find.

> ....Roy
Dan Connolly, W3C
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E

Received on Monday, 20 March 2006 19:50:32 UTC