[OpenID] Reconsidering http://openid different from https://openid
Christopher St John
ckstjohn at gmail.com
Thu Sep 20 23:30:57 UTC 2007
On 9/20/07, Paul C. Bryan <email at pbryan.net> wrote:
> On Thu, 2007-09-20 at 19:22 +0100, Jack wrote:
>
> Perhaps. Though, in reality, the two IDs are distinct, because they
> result in different requests to different ports, potentially to two
> separate pieces of server software[1]. We can't enforce web server
> operators worldwide make HTTP==HTTPS by fiat.
>
Need to be clear about what the question is. The facts are
clear:
#1: HTTP and HTTPS define distinct namespaces and there's
no barrier in the relevant specifications to making urls that differ
only in schema point to totally different resources. (2817 even
says that explicitly)
#2: Nobody ever does it. How shocked would you be if you
surfed to:
https://artofsystems.blogspot.com
and then to:
http://artofsystems.blogspot.com
and they had totally different content? Very shocked is what
you would be. (You'd be less shocked if only one or the
other of them worked at all)
So, if the question is "What is intuitive?" then the answer is
that URLs differing only in http vs https point[1] to the same
thing and no sane person is going to assume they don't.
-cks
[1] This kind of circles around to the way URLs and resources
are two different sorts of things, but I think it's worth putting in
some real effort to avoid that discussion.
--
Christopher St. John
http://artofsystems.blogspot.com
More information about the general
mailing list