- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 9 Dec 2014 12:20:31 -0800
- To: Mike West <mkwst@google.com>
- Cc: Mark Watson <watsonm@netflix.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "public-geolocation@w3.org" <public-geolocation@w3.org>, "Nottingham, Mark" <mnotting@akamai.com>
On 9 December 2014 at 12:12, Mike West <mkwst@google.com> wrote: > I don't believe the intent of a feature has much of anything to do with the > attack surface it exposes. Deprecating an insecure feature is a good thing! > It is substantially less good if deprecating it doesn't improve the security > situation. If you want to encourage people to move from feature A to feature A', then coupling that move with a secure origins limitation could create additional disincentives to move. On the other hand, you might see moving from A to A' as the real cost and consider the move to a secure origin as being trivial. Then the marginal cost of the linkage between A' and secure origins is then small. It might simply make sense to say that any choice about secure origins should be orthogonal to the continuing evolution of a feature.
Received on Tuesday, 9 December 2014 20:20:59 UTC