W3C home > Mailing lists > Public > public-web-security@w3.org > January 2015

Re: [W3C Web Security IG] securing the web fonding by the W3C TAG

From: Mike West <mkwst@google.com>
Date: Mon, 12 Jan 2015 14:50:48 +0100
Message-ID: <CAKXHy=edZSe=zQs8feuThmBPzhn+5Gq9iqCmzVt9tPDp+_ngqw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-web-security@w3.org" <public-web-security@w3.org>
On Mon, Jan 12, 2015 at 2:45 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

> There is also the issue that "more https" alone may not usefully
> mitigate the PM threat unless mixed-content is also largely
> eliminated from the web. That issue is implicitly recognised in
> the statement (though I'm not sure where "[[mixed-content]]" is
> pointing) but I think the logical consequence here is simply that
> confidentiality is more than desirable, and that in fact is
> really required to be available (even if not always used) for
> all web traffic, including http schemed traffic.
>

The "[mixed-content]" link points to the bibliography entry for
https://w3c.github.io/webappsec/specs/mixedcontent/.

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 12 January 2015 13:51:36 UTC

This archive was generated by hypermail 2.3.1 : Monday, 12 January 2015 13:51:36 UTC