- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 23 Oct 2014 15:31:04 +0200
- To: Mike West <mkwst@google.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 23, 2014 at 2:00 PM, Mike West <mkwst@google.com> wrote: > Yeah. We can improve the wording of the latter definition. I think you can > safely s/An[sic] resource's/A/ without losing any meaning, though. Except that the bits about TLS no longer make sense... > That said, it's a bit hand-wavy in general due to the "weak" and > "deprecated" bits. The _origin_ isn't really enough to make those > judgements, as they require the TLS handshake to complete so that the user > agent can evaluate the ciphers that were agreed-upon. > > We should probably be talking about a different concept here, but it's not > clear to me what fits. Suggestions welcome. As I said in another thread, at the point of creating various objects and setting their origins, e.g. documents, we should probably add additional data. It might make sense to study Chrome's implementation to see what specifications we should modify (given that the architecture is reasonable and not a hack). -- https://annevankesteren.nl/
Received on Thursday, 23 October 2014 13:31:37 UTC