I support this policy. I'd suggest that if it's felt that cleartext content needs to be available, it NOT be at <http://www.ietf.org/> (and similar); it should be on a different hostname; e.g., <http://www.cleartext.ietf.org/>. The http version of the URL should 301 to the corresponding https resource, and HSTS should be in use. Also, part of the reason for requiring HTTPS is that the Web platform is becoming more powerful, and so it's more vulnerable to a wide variety of attacks on the capabilities of the browser (e.g., camera, geolocation, local storage, etc.) — not just information leakage. See: <https://w3ctag.github.io/web-https/>. Regards, -- Mark Nottingham https://www.mnot.net/