- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 8 Oct 2014 10:12:03 +0200
- To: Justin Uberti <juberti@google.com>
- Cc: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>

On Tue, Oct 7, 2014 at 8:00 PM, Justin Uberti <juberti@google.com> wrote:
> These are just some arbitrarily selected examples. The point is that short
> term breakage would not be insignificant.

There's ways to mitigate that. E.g. by phasing it out over some period of time and clearly communicating this to developers.

> While I agree that we should encourage web developers to upgrade to HTTPS,
> singling out WebRTC developers seems like the wrong way to go about this.

1) WebRTC developers are not being singled out. Authenticated origin is used by service workers, the push API, background synchronization, persistent notifications, crypto (in Chrome), autofilling of forms, subresource integrity, and hopefully geolocation. There's probably some that I'm missing here.

2) You are prioritizing developers over end users. I have a hard time believing that even though end users gave their consent, they knew they implicitly gave their consent that every passive/active network attacker could listen to them and watch them in real time.

--
https://annevankesteren.nl/

Received on Wednesday, 8 October 2014 08:12:31 UTC