Re: https at ietf.org

On 05/11/13 20:38, Yoav Nir wrote:

Enabling 'HTTP Strict Transport Security' (HSTS, RFC6797) might be a
good first step.

HSTS means that HTTP is off (or just redirects you to HTTPS). The first S 
stands for "strict" and we mean it. :-)

Well, not entirely; the redirect is strictly not part of HSTS. Without a
redirect we give visitors an option; if you come in via http, fine... If
you come in via https with a browser that understands HSTS, then it's
https from that moment on.

And once we're all used to that, we can add the redirect ;-)

--
Marco

<Prev in Thread]	Current Thread	[Next in Thread>
Re: https at ietf.org, (continued) Re: https at ietf.org, John C Klensin Re: https at ietf.org, MAISONNEUVE, JULIEN (JULIEN) Re: https at ietf.org, t.p. Re: https at ietf.org, David Conrad Re: https at ietf.org, Arturo Servin Re: https at ietf.org, Ted Lemon Re: https at ietf.org, Douglas Otis Re: https at ietf.org, Joe Abley Re: https at ietf.org, Marco Davids (Prive) Re: https at ietf.org, Yoav Nir Re: https at ietf.org, Marco Davids (Prive) <= Re: https at ietf.org, Yoav Nir Re: https at ietf.org, Hector Santos Re: https at ietf.org, Bjoern Hoehrmann Re: https at ietf.org, Pranesh Prakash Re: https at ietf.org, Dean Willis Re: https at ietf.org, Måns Nilsson Re: https at ietf.org, Martin Rex Re: https at ietf.org, Noel Chiappa Re: https at ietf.org, Dave Cridland Re: https at ietf.org, Tim Bray