Re: [presentation-api] Authenticity of screen selection permission is problematic in insecure contexts from Mark Foltz via GitHub on 2017-01-28 (public-secondscreen@w3.org from January 2017)

From: Mark Foltz via GitHub <sysbot+gh@w3.org>
Date: Sat, 28 Jan 2017 01:13:17 +0000
To: public-secondscreen@w3.org
Message-ID: <issue_comment.created-275815086-1485565995-sysbot+gh@w3.org>

One issue identified thus far was that displaying insecure origins as 
part of a permission prompt devalues prompts overall (for higher 
stakes questions like geolocation, payments, etc.) as users should 
assume that all prompts are from secure contexts and could ignore any 
indications otherwise.

This aligns with research done by the Chromium Enamel team [1] and is 
what I think @annevk was getting at in 
https://github.com/w3c/presentation-api/issues/380#issuecomment-263815193.

[1] https://drive.google.com/file/d/0BxdLBiVAM05cRVhOMi1FMmlnenM/view


-- 
GitHub Notification of comment by mfoltzgoogle
Please view or discuss this issue at 
https://github.com/w3c/presentation-api/issues/380#issuecomment-275815086
 using your GitHub account

Received on Saturday, 28 January 2017 01:13:24 UTC