[Adding Ted Guild on CC] Very much in agreement and this also lines up with the TAG’s recent rumination on secure origins and general securing of the web (against pervasive monitoring among other threats). I believe there is some ongoing work on this in the W3C systems team - maybe Ted could comment? Dan > On 17 Nov 2014, at 11:37, Mike West <mkwst@google.com> wrote: > > Hello, www-tag! > > I just copy/pasted Mixed Content's last call URL (http://www.w3.org/TR/mixed-content/ <http://www.w3.org/TR/mixed-content/>) into an email, and I'm sad that it can't be served over HTTPS. > > Note that the WHATWG has moved to HTTPS/HSTS (https://fetch.spec.whatwg.org/ <https://fetch.spec.whatwg.org/>). IETF supports HTTPS (https://tools.ietf.org/html/draft-west-origin-cookies-00 <https://tools.ietf.org/html/draft-west-origin-cookies-00>). W3C is the only major standards body that I care about that actively redirects from HTTPS to HTTP. We're setting a bad example. > > It would be wonderful if we could fix that. Based on earlier conversations with Wendy (CC'd), it sounds like there was progress on this topic earlier in the year. Perhaps folks on this list could either share details of a migration plan, or even solid timelines? :) > > Thanks! > > -- > Mike West <mkwst@google.com <mailto:mkwst@google.com>> > Google+: https://mkw.st/+ <https://mkw.st/+>, Twitter: @mikewest, Cell: +49 162 10 255 91 > > Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany > Registergericht und -nummer: Hamburg, HRB 86891 > Sitz der Gesellschaft: Hamburg > Geschäftsführer: Graham Law, Christine Elizabeth Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 17 November 2014 15:00:15 UTC