On Mon, Jun 2, 2014 at 4:46 PM, cowwoc <cowwoc@bbs.darktech.org> wrote: > On 02/06/2014 6:22 PM, Martin Thomson wrote: > >> On 2 June 2014 15:19, cowwoc <cowwoc@bbs.darktech.org> wrote: >> >>> I'll flip this on its head: why do you want to deny permissions when the >>> page is reloaded? What are you protecting the user from? :) >>> >> You. And everyone like you who think that the camera is theirs. >> > > Again, what attack vector are you actually protecting the user from? > This is covered extensively in the security drafts. > This is equivalent to asking users of gmail.com to re-authenticate every > time they navigate to a different email or reload the page. It's just silly > and not grounded in security. > If you want to not have that, then use HTTPS and ask for persistent permissions. -Ekr > We're building software for human beings, not machines! :) > > Gili > >
Received on Tuesday, 3 June 2014 00:12:23 UTC