[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: URLs and TLS
Chris Newman wrote:
> However, this raises the following questions: Is it ever useful to specify
> in a URL that some use of TLS is required? If so, what should the options
There's the "http://" vs "https://" level of distinction; clearly
that's useful today. The "s suffix" meta-scheme for URLs _could_ be
continued, even when used with a single assigned port that needs to
pay extra negotiation costs (STARTTLS). Equivalently, just a ";TLS"
token in URLs that don't otherwise restrict the URL syntax. (HTTP
is not such a candidate!)
Re options ... no utility in duplicating what TLS provides, I'd say.
The URL can be tampered with, unlike the TLS handshake.