RE: The ability to automatically upgrade a reference to HTTPS fromHTTP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Paul this would not be identical if a shared server hosts multiple sites but serves ssl as a different site.

Seen this often where the web host's ssl secure billing panel is the only ssl on the box.

In that case any connection on port 443 by default gets the one ssl site and can result in https vs http being different. And its still a perfectly valid config.

Chaitanya Dhareshwar
+91 9820760253

From: Paul Hoffman
Sent: ‎23-‎08-‎2014 20:35
To: Eliot Lear
Cc: IETF Discussion
Subject: Re: The ability to automatically upgrade a reference to HTTPS fromHTTP

On Aug 23, 2014, at 12:03 AM, Eliot Lear <lear@xxxxxxxxx> wrote:

>
> On 8/22/14, 11:37 PM, Nico Williams wrote:
>> On Fri, Aug 22, 2014 at 12:16:22PM -0700, Tim Bray wrote:
>>>
>>> What this means is that a client given an http:  URL in a reference is
>>> always free to try out the HTTPS, just adding an S, and use result if the
>>> is successful.
>> It too late for that though: all too often the two resources are not the
>> same.
>>
>
> Indeed.  Regrettably I suspect the worst offender would be the index
> itself for the site (e.g., http://www.example.com v.
> https://www.example.com).

Um? Those look identical to me.

--Paul Hoffman

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]