W3C

Edit comment LC-2382 for Web Security Context Working Group

Quick access to

Previous: LC-2381 Next: LC-2380

Comment LC-2382
:
Commenter: Krzysztof Maczyński <1981km@gmail.com>

or
Resolution status:

Dear WG,

Section 5.2 of Web Security Context: User Interface Guidelines seems to favour the https scheme over http used with TLS as specified by RFC 2817. On the other hand, the W3C Director, TAG, IANA and other parties have indicated many times that URI schemes should be employed only if they enable identifying with URIs a class of resources semantically distinct from what other schemes already cover. Security characteristics of access to a resource are orthogonal to the identity of the resource itself (proof: the same resource can be made available by both means). Therefore, https is redundant and SHOULD NOT be used, since its range coincides with that of http. Please redefine “strongly TLS-protected” to include http with RFC 2817.

Best regards,

Krzysztof Maczyński
Invited Expert, HTML WG
ISSUE-245
(space separated ids)
(Please make sure the resolution is adapted for public consumption)


Developed and maintained by Dominique Hazaël-Massieux (dom@w3.org).
$Id: 2382.html,v 1.1 2017/08/11 06:44:33 dom Exp $
Please send bug reports and request for enhancements to w3t-sys.org