> The latter question is a real concern, but we won't know until we go
> and collect some data. When we get measurements for these sorts of
> things, it's usually from services that have the resources to acquire
> the measurements. At the same time, those services likely have the
> resources to h
> We believe that security includes confidentiality, which that would approach
> would lack.
Hey Joel,
SSL already leaks which domain name you are visiting anyway, so the most
confidentiality this can bring you is hiding the specific URL involved in a
cache miss. That's a fairly narrow upgrade
> In order to encourage web developers to move from HTTP to HTTPS, I would
> like to propose establishing a deprecation plan for HTTP without security.
May I suggest defining "security" here as either:
1) A secure host (SSL)
or
2) Protected by subresource integrity from a secure host
This woul
3 matches
Mail list logo
