[Bug 26332] Applications should only use EME APIs on secure origins (e.g. HTTPS) from bugzilla@jessica.w3.org on 2014-08-12 (public-html-bugzilla@w3.org from August 2014)

From: <bugzilla@jessica.w3.org>
Date: Tue, 12 Aug 2014 15:15:23 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-26332-2486-drXrjR9ybK@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332

--- Comment #19 from Mark Watson <watsonm@netflix.com> ---
(In reply to Jerry Smith from comment #18)
> Proposed on last week's call:  Add a comment that advises websites SHOULD
> use consistent https.  This means that https is advised in the general case,
> but allows sites to depart from this guidance if they have specific
> rationale for doing so (e.g. they've taken other precautions to ensure
> secure data transfers).

I don't see why this recommendation belongs in the EME specification. It's a
general recommendation for all websites, whatever web platform APIs they use.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Tuesday, 12 August 2014 15:15:30 UTC