W3C home > Mailing lists > Public > public-secondscreen@w3.org > January 2017

Re: [presentation-api] Authenticity of screen selection permission is problematic in insecure contexts

From: Mark Foltz via GitHub <sysbot+gh@w3.org>
Date: Sat, 28 Jan 2017 01:13:17 +0000
To: public-secondscreen@w3.org
Message-ID: <issue_comment.created-275815086-1485565995-sysbot+gh@w3.org>
One issue identified thus far was that displaying insecure origins as 
part of a permission prompt devalues prompts overall (for higher 
stakes questions like geolocation, payments, etc.) as users should 
assume that all prompts are from secure contexts and could ignore any 
indications otherwise.

This aligns with research done by the Chromium Enamel team [1] and is 
what I think @annevk was getting at in 
https://github.com/w3c/presentation-api/issues/380#issuecomment-263815193.

[1] https://drive.google.com/file/d/0BxdLBiVAM05cRVhOMi1FMmlnenM/view


-- 
GitHub Notification of comment by mfoltzgoogle
Please view or discuss this issue at 
https://github.com/w3c/presentation-api/issues/380#issuecomment-275815086
 using your GitHub account
Received on Saturday, 28 January 2017 01:13:24 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:19:02 UTC