W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure

From: Peter Kasting <pkasting@google.com>
Date: Thu, 18 Dec 2014 13:34:24 -0800
Message-ID: <CAAHOzFAu_jPgH4WbjUQDPH3hcn5kf=90THS09BqtVSV2q5JP=A@mail.gmail.com>
To: Monica Chew <mmc@mozilla.com>
Cc: Chris Palmer <palmer@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, blink-dev <blink-dev@chromium.org>, security-dev <security-dev@chromium.org>, "dev-security@lists.mozilla.org" <dev-security@lists.mozilla.org>
On Thu, Dec 18, 2014 at 1:18 PM, Monica Chew <mmc@mozilla.com> wrote:
>
> I understand the desire here, but a passive indicator is not going to
> change the status quo if it's shown 42% of the time (or 67% of the time, in
> Firefox's case).
>

Which is presumably why the key question this thread asked is what metrics
to use to decide it makes sense to start showing these warnings, and what
the thresholds should be.

PK
Received on Thursday, 18 December 2014 21:34:51 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC