- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 10 Sep 2014 15:31:03 +0200
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>

On Wed, Sep 10, 2014 at 3:17 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> I don't remember this being
> primarily a question of test/demo pages as much as that there are
> lots of sites that aren't HTTPS and don't want to go HTTPS.

Now we know about http://tools.ietf.org/html/rfc7258 is it not time to take a more active stance? I would love it if we could replay the private debate here in the open. Future hardware APIs will benefit from it and it will also help user agents make more informed choices for their users.

> There seem to be lots of uses of gUM that don't necessarily require
> crypto any more than (say) file uploads. For instance, uploading your
> picture to use as your avatar on a site. And since it's forbidden to
> have persistent permissions for HTTP, the risk is limited versus
> (say) geo.

It seems sites that have avatars should use TLS and we should not make it easier for them to keep endangering their users. Geolocation was a mistake, not an excuse.

--
http://annevankesteren.nl/

Received on Wednesday, 10 September 2014 13:31:34 UTC