This document:Public document·View comments·Disposition of Comments·
Nearby:Web Security Context Working Group Other specs in this tool Web Security Context Working Group's Issue tracker
Quick access to LC-2380 LC-2381 LC-2382
Previous: LC-2381 Next: LC-2380
Dear WG, Section 5.2 of Web Security Context: User Interface Guidelines seems to favour the https scheme over http used with TLS as specified by RFC 2817. On the other hand, the W3C Director, TAG, IANA and other parties have indicated many times that URI schemes should be employed only if they enable identifying with URIs a class of resources semantically distinct from what other schemes already cover. Security characteristics of access to a resource are orthogonal to the identity of the resource itself (proof: the same resource can be made available by both means). Therefore, https is redundant and SHOULD NOT be used, since its range coincides with that of http. Please redefine “strongly TLS-protected†to include http with RFC 2817. Best regards, Krzysztof Maczyński Invited Expert, HTML WG