Comment 157 for bug 308181

(In reply to Ben Bucksch (:BenB) from comment #69)
> Esa, I answered that 3 years ago in comment 63. I mentioned 3 separate reasons. Each reason *on its own* is a serious problem.

Thanks, Ben! Some good and valid arguments there. It's just that while the current approach might have some clear advantages over RFC 6186, it doesn't seem any better security wise – quite the opposite. Or does the Autoconfiguration perhaps support HTTPS and HSTS (RFC 6797) with preloading, which would make forcing TLS possible?