- From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
- Date: Wed, 10 Sep 2014 10:20:14 +0000
- To: Anne van Kesteren <annevk@annevk.nl>
- CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 10/09/14 11:29, Anne van Kesteren wrote: > On Wed, Sep 10, 2014 at 11:08 AM, Stefan Håkansson LK > <stefan.lk.hakansson@ericsson.com> wrote: >> It is a long time ago, and I can't recollect all details on why we did >> arrive on allowing http sites to access. I think it was a combination of >> >> a) follow the geoLocation example >> b) the expressed wish to allow for secure communication when the app is >> from untrusted sites (using PeerIdentity) - these perhaps temporary >> sites could deliver over http > > a) set a bad precedent. I don't think we considered the implications > at the time. I don't understand how b) is feasible. How can you > communicate securely if the piece of software you just got could have > been manipulated by a third party? I think this is outlined in the documents I referred to, and if not there are several presentations by Ekr in the IETF folders. Ekr or Martin, you might want to step in here. > >
Received on Wednesday, 10 September 2014 10:20:40 UTC