Re: [webappsec] Rechartering: force secure-only child browsing contexts from Mike West on 2014-11-14 (public-webappsec@w3.org from November 2014)

From: Mike West <mkwst@google.com>
Date: Fri, 14 Nov 2014 08:53:06 +0100
To: Brian Smith <brian@briansmith.org>
Cc: Ryan Sleevi <sleevi@google.com>, Brad Hill <hillbrad@fb.com>, Anne van Kesteren <annevk@annevk.nl>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKXHy=cFkPRGz=FVOnezfA3FmFMsNvMQBaKbj91BmPmpU1605g@mail.gmail.com>

On Fri, Nov 14, 2014 at 5:34 AM, Brian Smith <brian@briansmith.org> wrote:

> > Since I like security more than complexity, consider it a +1 to spec'ing
> it,
> > and then we revisit during whenever that point during the revised W3C
> > process where people actually implement and discover it might need to be
> > opt-in for some time before (eventually) becoming default.
>
> I think this can be specified by just adding a couple of sentences
> and/or bullet points to the existing Mixed Content draft. I am happy
> to write that up, if people agree.
>

I would be happy for you to do the work. :)

-mike

Received on Friday, 14 November 2014 07:53:54 UTC