On Thu, 28 Oct 2010 09:56:27 +0200 Pierre Schmitz <[email protected]> wrote:
> [...] > > In general I think it's a good idea that we now use https for most > sites and we shouldn't discuss about if that is sane or not but why > are some clients unable to handle it. > This just popped into my feedreader: http://utcc.utoronto.ca/~cks/space/blog/web/HttpToHttpsRedirectionBad In general I'm a big fan of https-only websites, but the article has some valid points nonetheless. There seems to be no *good* way to balance convenience and security in this matter. Perhaps if browser makers started to try https first when given no protocol, but that's probably never gonna happen. -- Alexander Duscheleit <[email protected]>
