[HTTPS-Everywhere] Always redirect to https when TLSA records exist?
Seth David Schoen
schoen at eff.org
Fri Sep 12 18:17:59 PDT 2014
Matthias Wimmer writes:
> Especially it does not indicate, that every resource available on a
> given HTTP URI is also available on the corresponding HTTPS URI.
That possibility is a reason not to create redirections automatically,
since historically we've had a number of examples of sites where the
content on the HTTPS site was entirely different from the content on
the HTTP site. A classic example was the LiveJournal site, where at one
point HTTPS access was available, but only for users who had accounts,
and not for people who wished to read the site content anonymously.
(This isn't true for LiveJournal anymore, but I still think of it as a
representative example of how the HTTPS and HTTP sites can be different.
Another example could be sites where the HTTPS version is only an
administrative interface for the site owner to edit the site's content.)
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the HTTPS-Everywhere
mailing list