On Tue, Oct 7, 2014 at 9:04 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Tue, Oct 7, 2014 at 5:59 PM, Justin Uberti <juberti@google.com> wrote:
> > 2) this breaks real, existing applications, e.g. http://webcamtoy.com/
>
> It seems they could easily move to use an authenticated origin, no?
>
>
> > 3) makes trying/experimenting with webrtc difficult, e.g.
> > http://jsfiddle.net, or http://localhost
>
> Same for jsfiddle.net. localhost is already an authenticated origin.
>
>
> Some short term breakage should not outweigh long term pervasive
> monitoring.
>
>
These are just some arbitrarily selected examples. The point is that short
term breakage would not be insignificant.
While I agree that we should encourage web developers to upgrade to HTTPS,
singling out WebRTC developers seems like the wrong way to go about this.