On Mon, May 19, 2014 at 12:37 AM, Anne van Kesteren <annevk@annevk.nl>wrote: > On Mon, May 19, 2014 at 9:12 AM, Yoav Weiss <yoav@yoav.ws> wrote: > > Obviously, full TLS provide better user protection (for any kind of > MITM), > > but I think the above scheme can be used to mitigate SW specific MITM > > threats, and enable SW over TLS. > > > > Thoughts? > > I don't think we ever thought it would not be possible to have service > workers outside HTTPS given sufficient patching, it's just not clear > that making it substantially different is a good tradeoff. And sites > that use service workers ought to be using HTTPS anyway. > What Anne said. The can(s) of worms that it opens are messy, the mitigations not sufficiently less onerous than SSL, and the benefits suspect. Secure-origins are where it's at. The world needs to be encrypted and we're going first. Onward.
Received on Monday, 19 May 2014 22:21:12 UTC