Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure from Peter Kasting on 2014-12-18 (public-webappsec@w3.org from December 2014)

From: Peter Kasting <pkasting@google.com>
Date: Thu, 18 Dec 2014 13:42:45 -0800
To: Monica Chew <mmc@mozilla.com>
Cc: Chris Palmer <palmer@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, blink-dev <blink-dev@chromium.org>, security-dev <security-dev@chromium.org>, "dev-security@lists.mozilla.org" <dev-security@lists.mozilla.org>
Message-ID: <CAAHOzFDyS=EE1gN=ShX4b4V5EpO8-CmbAGdJKxmHqw6-aNpQUA@mail.gmail.com>

On Thu, Dec 18, 2014 at 1:41 PM, Monica Chew <mmc@mozilla.com> wrote:
>
> On Thu, Dec 18, 2014 at 1:34 PM, Peter Kasting <pkasting@google.com>
> wrote:
>>
>> On Thu, Dec 18, 2014 at 1:18 PM, Monica Chew <mmc@mozilla.com> wrote:
>>>
>>> I understand the desire here, but a passive indicator is not going to
>>> change the status quo if it's shown 42% of the time (or 67% of the time, in
>>> Firefox's case).
>>>
>>
>> Which is presumably why the key question this thread asked is what
>> metrics to use to decide it makes sense to start showing these warnings,
>> and what the thresholds should be.
>>
>
> OK. I think the thresholds should be < 5%, preferably < 1%. What do you
> think they should be?
>

I have no opinion.  I'm simply trying to keep the discussion on track.

PK

Received on Thursday, 18 December 2014 21:43:12 UTC