Re: [dev] TLS / HTTPS support

From: Anselm R Garbe <>
Date: Thu, 31 Aug 2017 16:15:33 +0200

On 31 August 2017 at 15:36, Hiltjo Posthuma <> wrote:
> On Thu, Aug 31, 2017 at 03:07:11PM +0200, Anselm R Garbe wrote:
>> well ;)), but I'm also a sceptic of HSTS.
> Can you explain why you are a sceptic of HSTS?

I'm sceptic of using HSTS on I think it is superfluous.

I really prefer that website visitors perform a *conscious* transition
to https urls of (after learning about it in our news
feed that you wrote) rather than mandating the browser (which might
support HSTS) to perform some kind of a "magic" transition instead.
Actually the user might not notice at all if his browser supports

It's kind of an infantilization of the user.

Also I dislike the idea that browsers effectively share HSTS
information gathered in regular mode even in private (aka incognito)
mode (at least I read about this last time I looked into HSTS, which
is a while back).

Received on Thu Aug 31 2017 - 16:15:33 CEST

This archive was generated by hypermail 2.3.0 : Thu Aug 31 2017 - 16:24:20 CEST