Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure

From: Alex Russell <slightlyoff@google.com>
Date: Wed, 24 Dec 2014 14:43:06 -0800
Message-ID: <CANr5HFVV5TmDJ54sHSejtMGABqDCK5o_V19U-7NMzdC-s-uqxw@mail.gmail.com>
To: noloader@gmail.com
Cc: mozilla-dev-security@lists.mozilla.org, security-dev <security-dev@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, blink-dev <blink-dev@chromium.org>

Which standards bodies are those? Cause the W3C TAG is recommending
pervasive end-to-end transit encryption.

On 18 Dec 2014 14:22, "Jeffrey Walton" <noloader@gmail.com> wrote:

> On Thu, Dec 18, 2014 at 5:10 PM, Daniel Kahn Gillmor
> <dkg@fifthhorseman.net> wrote:
> > ...
> > Four proposed fine-tunings:
> >
> >  A) i don't think we should remove "This website does not supply
> > identity information" -- but maybe replace it with "The identity of this
> > site is unconfirmed" or "The true identity of this site is unknown"
> None of them are correct when an interception proxy is involved. All
> of them lead to a false sense of security.
>
> Given the degree to which standard bodies accommodate (promote?)
> interception, UA's should probably steer clear of making any
> statements like that if accuracy is a goal.
>
Received on Wednesday, 24 December 2014 22:43:34 UTC