W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2014

Re: Proposal: Prefer secure origins for powerful new web platform features

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 22 Aug 2014 08:09:41 +0200
Message-ID: <CADnb78hzFhVcWg-8SGrokaBG8h_qGk5sVQRDS53=iJ+hdjLA0A@mail.gmail.com>
To: Ian Melven <ian.melven@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Fri, Aug 22, 2014 at 7:13 AM, Ian Melven <ian.melven@gmail.com> wrote:
> I'm not seeing any arguments against requiring secure origins for certain
> functionality beyond the same old arguments against using SSL :
>
> * it costs some almost negligible amount of money
> * it requires some non-zero amount of work on the part of the website
> operator
>
> am i missing something ?

Yes, Netflix pointing out TLS would cost them non-negligible amounts
of money. Mark said he was getting data on that, so waiting for that
data seems like the best way forward here.


-- 
http://annevankesteren.nl/
Received on Friday, 22 August 2014 06:10:08 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC