Re: [apps-discuss] I-D Action: draft-nottingham-http-browser-hints-02.txt
Barry Leiba <barryleiba@computer.org> Wed, 31 August 2011 14:51 UTC
Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E266C21F8ABD for <apps-discuss@ietfa.amsl.com>; Wed, 31 Aug 2011 07:51:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.026
X-Spam-Level:
X-Spam-Status: No, score=-103.026 tagged_above=-999 required=5 tests=[AWL=-0.049, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QR7Q56mtnaY1 for <apps-discuss@ietfa.amsl.com>; Wed, 31 Aug 2011 07:51:39 -0700 (PDT)
Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 6703C21F8AB9 for <apps-discuss@ietf.org>; Wed, 31 Aug 2011 07:51:39 -0700 (PDT)
Received: by gxk19 with SMTP id 19so751451gxk.31 for <apps-discuss@ietf.org>; Wed, 31 Aug 2011 07:53:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=qm544LRqoxXS2BHgBHvzvhJ4eW91DOm00aMvzNQDXrQ=; b=af+ql9n55Lz7HNubGvZtONX2khbrxouKxayyZnQ2YX9xQ027TAsiZLSKBO5TGEjY0t yCdEePf3MO1OpippThoveNrSQ2PBm2JtG1e1OO1LemlAqLSOS47JibBkfTZn6B2xllML YzW3G7Pf/hpJmclJIRK4xylgNEtXBuGqpoFpQ=
MIME-Version: 1.0
Received: by 10.236.183.164 with SMTP id q24mr2508394yhm.117.1314802389697; Wed, 31 Aug 2011 07:53:09 -0700 (PDT)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.147.40.6 with HTTP; Wed, 31 Aug 2011 07:53:09 -0700 (PDT)
In-Reply-To: <4E5E49A5.1020106@gmail.com>
References: <20110531062229.28776.82429.idtracker@ietfa.amsl.com> <0CE9268E-5802-4B0A-B643-F580E7F048B5@mnot.net> <4E5BB162.6010101@gmail.com> <D42B156C-33BD-4F8F-8958-A2E7900E055D@mnot.net> <4E5E47BB.3010403@gmail.com> <4E5E47FB.9050100@stpeter.im> <4E5E49A5.1020106@gmail.com>
Date: Wed, 31 Aug 2011 10:53:09 -0400
X-Google-Sender-Auth: 3lOntk7LVHnrfnEOt91HRW_L1ho
Message-ID: <CAC4RtVCms5uqJFTjXRjmVOtSr88qZFJN632KeRKhekVaMXETyA@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Mykyta Yevstifeyev <evnikita2@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Mark Nottingham <mnot@mnot.net>, apps-discuss@ietf.org
Subject: Re: [apps-discuss] I-D Action: draft-nottingham-http-browser-hints-02.txt
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2011 14:51:40 -0000
>>> I understand that HSTS is only useful when site declares that HTTPS must >>> be used any time when connecting to it. Specific areas/resources may >>> not be declared to be so (If I'm wrong, correct me). >> >> What is the use case for that feature? > > This provides a way for client which prefers to use secure variant to learn > which areas of the site are fine to be accessed so, without attempting to > use HTTPS where it isn't possible. Let me see if I understand this correctly: A client that wants to use HTTPS, but isn't sure whether this part of the site supports it, can do it one of two ways: 1. Try HTTPS. If it doesn't work, fall back to HTTP. 2. Use HTTP. If a "hint" is included in the HTTP response that says HTTPS is OK, then switch to HTTP. You're proposing 2. Is that right? Assuming that's right, I'm saying that 1 is better. Barry
- [apps-discuss] Fwd: I-D Action: draft-nottingham-… Mark Nottingham
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Dzonatas Sol
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Mark Nottingham
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Dzonatas Sol
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Mark Nottingham
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Dzonatas Sol
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Dzonatas Sol
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Mykyta Yevstifeyev
- Re: [apps-discuss] I-D Action: draft-nottingham-h… Mark Nottingham
- Re: [apps-discuss] I-D Action: draft-nottingham-h… Mykyta Yevstifeyev
- Re: [apps-discuss] I-D Action: draft-nottingham-h… Peter Saint-Andre
- Re: [apps-discuss] I-D Action: draft-nottingham-h… Mykyta Yevstifeyev
- Re: [apps-discuss] I-D Action: draft-nottingham-h… Barry Leiba
- Re: [apps-discuss] I-D Action: draft-nottingham-h… Mykyta Yevstifeyev
- Re: [apps-discuss] I-D Action: draft-nottingham-h… Barry Leiba