I think that this is a great idea, if you control all of the URLs in your systems. Otherwise unless all of the major browsers drop http — unlikely — it easily has another ten years in it.
Chrome dropped support for SHA-1 a few months ago, and I am sure that it will be another 33 months before all of the old certs are fixed. In other words, the pre-drop certs will all have expired by then and all new ones are SHA-2. Cary > On Aug 17, 2015, at 3:08 PM, Andrew Anderson <and...@lirn.net> wrote: > > That said, there is a big push recently for dropping non-SSL connections in > general (going so far as to call the protocol relative URIs an anti-pattern), > so is it really worth all the potential pain and suffering to make your links > scheme-agnostic, when maybe it would be a better investment in time to switch > them all to SSL instead? This dovetails nicely with some of the discussions > I have had recently with electronic services librarians about how to protect > patron privacy in an online world by using SSL as an arrow in that quiver.
