On Mon, Jan 12, 2015 at 2:45 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > There is also the issue that "more https" alone may not usefully > mitigate the PM threat unless mixed-content is also largely > eliminated from the web. That issue is implicitly recognised in > the statement (though I'm not sure where "[[mixed-content]]" is > pointing) but I think the logical consequence here is simply that > confidentiality is more than desirable, and that in fact is > really required to be available (even if not always used) for > all web traffic, including http schemed traffic. > The "[mixed-content]" link points to the bibliography entry for https://w3c.github.io/webappsec/specs/mixedcontent/. -mike -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 12 January 2015 13:51:36 UTC