[HTTPS-Everywhere] Always redirect to https when TLSA records exist?
Paul Wise
pabs3 at bonedaddy.net
Fri Sep 12 18:21:58 PDT 2014
On Fri, 2014-09-12 at 18:17 -0700, Seth David Schoen wrote:
> Matthias Wimmer writes:
>
> > Especially it does not indicate, that every resource available on a
> > given HTTP URI is also available on the corresponding HTTPS URI.
>
> That possibility is a reason not to create redirections automatically,
> since historically we've had a number of examples of sites where the
> content on the HTTPS site was entirely different from the content on
> the HTTP site.
I don't have any data but I would hazard a guess that sites with DNSSEC
and TLSA setup are serious enough about security to not be that broken.
--
bye,
pabs
http://bonedaddy.net/pabs3/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140913/df2f1434/attachment.sig>
More information about the HTTPS-Everywhere
mailing list