This is great, thanks Nicholas! P.s.: IMHO, it should always be user choice as to whether or not geolocation will reveal a user's location by IP. An ISP knowing it is one thing, but services should't be able to locate users without their consent. On Nov 7, 2014 2:59 PM, "Nicholas Doty" <npdoty@w3.org> wrote: > During TPAC, we had a breakout session to discuss a series of proposals > regarding restricting sensitive APIs to secure or authenticated origins and > other measures we could take to address the problem of pervasive monitoring > [1]. > > I've cleaned up the minutes for your review: > http://www.w3.org/2014/10/29-permon-minutes.html > > In general, I heard: > > * consensus that moving all traffic to TLS (or similar) in order to > increase integrity is a goal > * interest in transition processes -- for moving features to HTTPS-only > and for getting the industry as a whole (including hardware) to TLS > * possibilities for using DNSSEC for more secure browsing, with issues of > performance and middleboxes > > I would welcome additional takeaways that others in attendance had, or any > additional conclusions since. I know this to be a topic of discussion in at > least the following working groups: > > * HTML/EME > * WebCrypto > * Geolocation > * WebAppSec > * WebRTC/Media Capture > * TAG > > As Giri mentioned during the breakout, Geolocation is having an open call > for discussion of this topic, with some active discussion on this thread: > > http://lists.w3.org/Archives/Public/public-geolocation/2014Nov/0007.html > > Thanks all for your participation at TPAC and for the broad discussion and > effort to improve security on the Web. > > Nick > > [1] http://tools.ietf.org/html/rfc7258 >Received on Friday, 7 November 2014 23:41:09 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:28 UTC