[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: https by default

From: Boruch Baum <boruch_baum@xxxxxxx>
Date: Sun, 16 Jul 2017 07:56:55 -0400
X-ml-name: emacs-w3m
X-mail-count: 12750
References: <20170716113915.GQ18156@E15-2016.optimum.net>

I also see that w3m-util.el, line 806, there is defined a constant
`w3m-url-fallback-base' , set to "http:///";, not "https:///";.


On 2017-07-16 07:44, Boruch Baum wrote:
> I noticed just now that in w3m.el, function `w3m-canonicalize-url',
> line 4574, that http is being used instead of https. Would it be much
> of a problem to default to https instead?
>
> The policy difference is one of "opt-in" versus "opt-out". Currently,
> if one wants https, one needs to "opt-in" by remembering to go through
> the trouble of manually pre-pending "https://"; to one's url.
>
> Being that https is "safer" and "more secure" and "better for privacy"
> and being that it has become much more widely implemented this past
> year[1], I suggest that it should be "opt-out". The result would be
> that if a website does not support https, the user will see an error
> message, and have to manually re-send with the http: explicitly
> pre-pended.
>
> On a related note, I notice that the emacs-w3m website[2] does not
> seem to support https.
>
> references
> [1] https://tech.slashdot.org/story/17/02/01/1250214/https-adoption-has-reached-the-tipping-point
> [2] http://emacs-w3m.namazu.org/

--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1  7286 0036 9E45 1595 8BC0

Follow-Ups:
- Re: https by default
  - From: Katsumi Yamaoka

References:
- https by default
  - From: Boruch Baum

Prev by Date: https by default
Next by Date: Re: error upon load and tab navigation [PATCH included]
Previous by thread: https by default
Next by thread: Re: https by default
Index(es):
- Date
- Thread

Namazu Search: [Help]