- From: Domenic Denicola <domenic@domenicdenicola.com>
- Date: Thu, 23 Oct 2014 21:11:34 +0000
- To: Mark Watson <watsonm@netflix.com>
- CC: David Dorwin <ddorwin@google.com>, Henri Sivonen <hsivonen@hsivonen.fi>, www-tag <www-tag@w3.org>
From: Mark Watson [mailto:watsonm@netflix.com] > Well, obviously, it's not something anyone would be "for", if there was an alternative. The existence of an alternative to these kind of one-by-one deals and coding setups is the entire idea the TAG feedback is driving at. > Large content providers are not all going to migrate to HTTPS overnight. Just thinking out loud, but have you considered a flag day? E.g., the spec says that after 2015-XX-XX, all implementations require secure origins. This should be encoded in implementations in a testable way out of the box, so that e.g. setting your system clock forward will trigger it. That would give enough time for content providers to migrate while avoiding the situation of shipping an insecure implementation forever. I imagine there are lots of holes to poke in this idea...
Received on Thursday, 23 October 2014 21:12:04 UTC