Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

https only? #18

Closed
juliangruber opened this issue Dec 2, 2019 · 2 comments
Closed

https only? #18

juliangruber opened this issue Dec 2, 2019 · 2 comments

Comments

@juliangruber
Copy link
Member

@juliangruber juliangruber commented Dec 2, 2019

Looking at https://github.com/libscie/https-checker, I thought about whether the p2pcommons spec is strictly https only. The only part where currently an http url can be inserted is in the links property. Should we say that all of these need to be https?

This upside in security comes at the cost of resources being harder to link to when only available in http and having to be rehosted or proxied to (if possible).

@chartgerink

This comment has been minimized.

Copy link
Collaborator

@chartgerink chartgerink commented Dec 2, 2019

That is a good point! We could add a SHOULD clause that warns for any non-https? That way, writing a linter that tries for https is in line and we can still accept http if really necessary?

#17

@juliangruber

This comment has been minimized.

Copy link
Member Author

@juliangruber juliangruber commented Dec 2, 2019

Oh great idea for the linter to check if an https version is available!

chartgerink added a commit that referenced this issue Dec 2, 2019
@chartgerink chartgerink closed this Dec 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.