On Fri, 3 Apr 2015, Joe Touch wrote:
Yes, but it's also important IMO to allow HTTP access and not require HTTPS. I.e., the reason for the shift should not be to force use of a secure connection. Some paths will drop anything they can't inspect, and there's no reason to force that here for users who don't want it.
I don't think I agree. And neither does RFC 7258. If you are on a network that needs to MITM your HTTPS, it should run you through their SOCKS / PROXY and install the right trust anchors on your machine.

Paul