<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Dmitry Shechtman wrote:
<blockquote cite="mid:010101c7caf3$34251e60$b0db17ac@a9a181c8860745f"
 type="cite">
  <pre wrap="">

So my question stands: what should the RP's decision be in case a
non-upgradeable http:// variant of the identifier is detected?
  </pre>
</blockquote>
Connect only to https URLs.<br>
<blockquote cite="mid:010101c7caf3$34251e60$b0db17ac@a9a181c8860745f"
 type="cite">
  <pre wrap="">
I am fully aware of the DNS spoofing risks, but I am also assuming no OPs
(in the wild, that is) currently satisfy this constraint </pre>
</blockquote>
How about this one? <a class="moz-txt-link-freetext" href="https://certifi.ca/">https://certifi.ca/</a><br>
<blockquote cite="mid:010101c7caf3$34251e60$b0db17ac@a9a181c8860745f"
 type="cite">
  <pre wrap="">(i.e. either SSL
only or TLS-upgradable identifiers). 
  </pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<div><font face="Arial" size="2">Regards</font></div>
<div><font face="Arial" size="2"> </font></div>
<div><font face="Arial" size="2">Signer:      Eddy Nigg, StartCom Ltd.</font></div>
<div><font face="Arial" size="2">Jabber:      <a class="moz-txt-link-abbreviated" href="mailto:startcom@startcom.org">startcom@startcom.org</a></font></div>
<div><font face="Arial" size="2">Phone:       +1.213.341.0390</font></div>
</div>
</body>
</html>