W3C home > Mailing lists > Public > public-w3process@w3.org > November 2014

Re: Require security review before FPWD

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 3 Nov 2014 13:40:38 +0100
Message-ID: <CADnb78hNHTJ-aXXGh_id5=s_zYHShpK4UB0g56ybAtJMBnyePw@mail.gmail.com>
To: Charles McCathienevile <chaals@yandex-team.ru>
Cc: Jeff Jaffe <jeff@w3.org>, Philippe Le Hegaret <plh@w3.org>, public-w3process <public-w3process@w3.org>
On Sun, Nov 2, 2014 at 10:32 PM,  <chaals@yandex-team.ru> wrote:
> I will need to have more power, or suffer an inferior experience, in order to use a secured connection.

Just to be clear, this is nonsense. TLS these days hardly has
overhead. I recommend studying https://istlsfastyet.com/

I also take issue with the argument that an average user can juggle
these concerns adequately. They should not have to know about the
difference between plain text and secure connections. That's too much
of an implementation detail.

(As for <canvas>, one implementation was shipping, not two, which made
it possible to change the status quo.)

Received on Monday, 3 November 2014 12:41:07 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:35:12 UTC