W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

Re: Proposal: Marking HTTP As Non-Secure

From: Igor Bukanov <igor@mir2.org>
Date: Sun, 14 Dec 2014 19:48:07 +0100
Message-ID: <CADd11yWHyOyNWE7o-q6LxN1gLAhXp_mVd=uP56oS+z0uNiQwmg@mail.gmail.com>
To: Chris Palmer <palmer@google.com>
Cc: Eduardo Robles Elvira <edulix@agoravoting.com>, "dev-security@lists.mozilla.org" <dev-security@lists.mozilla.org>, blink-dev <blink-dev@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, security-dev <security-dev@chromium.org>
On 14 December 2014 at 19:40, Chris Palmer <palmer@google.com> wrote:

>
> But, again, consider the definition of the origin. If it is possible for
> securely-transported code to run in the same context as non-securely
> transported code, the securely-transported code is effectively non-secure.
>

Yes, but the point is that the page will be shown with the same warnings as
a plain http page rather then showing a broken page.
Received on Monday, 15 December 2014 08:56:36 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC