"Adrien Felon" <[EMAIL PROTECTED]> writes: > Whatever, I am now wondering how strong is the pressure to migrate from the > classical "https" scheme to the "client requested upgrade" (as I see these > as somehow alternatives, as the client explicitely request "https"...). As > far as I understand, RFC 2817 (May 2000...) clearly states that things like > HTTPS should be deprecated. So I wonder what the "market" says... You say > there is no client: am I really going to write the first one that supports > this? As apache starts to support it, I guess there might be some other > people looking fot it also. There's no pressure at all, and for good reason. RFC 2817 is badly broken.
To take merely one example, it has a terrible interaction with proxies. -Ekr ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]