IETF Logo Mail Archive

Re: [apps-discuss] I-D Action: draft-nottingham-http-browser-hints-02.txt

Mykyta Yevstifeyev <evnikita2@gmail.com> Wed, 31 August 2011 14:46 UTC

Return-Path: <evnikita2@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA5BA21F86DF for <apps-discuss@ietfa.amsl.com>; Wed, 31 Aug 2011 07:46:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.472
X-Spam-Level:
X-Spam-Status: No, score=-3.472 tagged_above=-999 required=5 tests=[AWL=0.127, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uxYREp2RgXxb for <apps-discuss@ietfa.amsl.com>; Wed, 31 Aug 2011 07:46:04 -0700 (PDT)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 24BA621F852E for <apps-discuss@ietf.org>; Wed, 31 Aug 2011 07:46:03 -0700 (PDT)
Received: by bkar4 with SMTP id r4so1117435bka.31 for <apps-discuss@ietf.org>; Wed, 31 Aug 2011 07:47:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=AiLFGYFlhV66Kv4lj3GxmWtsMWYbmEKFURtOaTGYLj4=; b=dXLlVWOXF6O3Hikn8t2RAt1jhxy/23HUYU0M+e5gQXpFl/OXb4IARsxIG/H41NER0P 8AlMvvRbpddD5VYw8HKeGnsjttSEq28paO5g9FNCxccHibBWUmCkjo/rcvwCPqO3QMOY tVQis+MRJb+SkzMMwsKeNS4MoqFhvlwBOXDj8=
Received: by 10.204.157.16 with SMTP id z16mr298208bkw.162.1314802053913; Wed, 31 Aug 2011 07:47:33 -0700 (PDT)
Received: from [127.0.0.1] ([195.191.104.224]) by mx.google.com with ESMTPS id o20sm402940bku.43.2011.08.31.07.47.32 (version=SSLv3 cipher=OTHER); Wed, 31 Aug 2011 07:47:33 -0700 (PDT)
Message-ID: <4E5E49A5.1020106@gmail.com>
Date: Wed, 31 Aug 2011 17:48:05 +0300
From: Mykyta Yevstifeyev <evnikita2@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: Peter Saint-Andre <stpeter@stpeter.im>
References: <20110531062229.28776.82429.idtracker@ietfa.amsl.com> <0CE9268E-5802-4B0A-B643-F580E7F048B5@mnot.net> <4E5BB162.6010101@gmail.com> <D42B156C-33BD-4F8F-8958-A2E7900E055D@mnot.net> <4E5E47BB.3010403@gmail.com> <4E5E47FB.9050100@stpeter.im>
In-Reply-To: <4E5E47FB.9050100@stpeter.im>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Mark Nottingham <mnot@mnot.net>, apps-discuss@ietf.org
Subject: Re: [apps-discuss] I-D Action: draft-nottingham-http-browser-hints-02.txt
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2011 14:46:05 -0000

31.08.2011 17:40, Peter Saint-Andre wrote:
> On 8/31/11 8:39 AM, Mykyta Yevstifeyev wrote:
>> 30.08.2011 4:03, Mark Nottingham wrote:
>>> I didn't go in this direction because it *seems* to conflict with the
>>> STS effort in websec. Maybe someone from over there could comment?
>> I understand that HSTS is only useful when site declares that HTTPS must
>> be used any time when connecting to it.  Specific areas/resources may
>> not be declared to be so (If I'm wrong, correct me).
> What is the use case for that feature?

This provides a way for client which prefers to use secure variant to 
learn which areas of the site are fine to be accessed so, without 
attempting to use HTTPS where it isn't possible.

v2.23.0 | Report a Bug | By Email