|
|
|
|
|
|
by gsnedders
2458 days ago
|
|
|
I think it's clear that everyone would like HTTPS-by-default, it's just a question of how to do it in a way that doesn't cause a massively degraded user-experience in the short term and still provides security gains (racing the two gets around the UX problem, but provides no security benefit). We might see something whereby we use HTTPS if the hostname has previously been connected to over HTTPS (even without HSTS). |
|
|