- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Tue, 19 Nov 2013 20:00:17 +0100
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>, "HTTP Working Group" <ietf-http-wg@w3.org>

On Tue, 19 November 2013 09:43, Roy T. Fielding wrote:
> Furthermore, I have a hard time believing the privacy propaganda
> being spread by the browser makers. If they want to improve
> privacy, all they have to do is remove the crappy features
> that cause their HTTP use to be insecure. Stop blaming the
> protocols for exposing information that shouldn't be sent in
> the first place.
>
> Don't allow cookies from a secure site to be sent to a non-secured site.
> Double-key cookies so that they don't share information across multiple
> referring sites. Implement an obvious logout in the UI chrome.
> Don't send cached credentials if the referring document isn't trusted
> or same-origin. Don't allow BASIC over an unsecured connection.
> Implement authentication schemes that don't expose the user's secret.
> Prevent extensions and scripts from mimicking authentication forms.

Stop sending referers…

-- 
Nicolas Mailhot

Received on Tuesday, 19 November 2013 19:00:49 UTC