W3C home > Mailing lists > Public > public-web-security@w3.org > January 2017

Re: Presentation API in non secure contexts

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 24 Jan 2017 08:46:25 +0100
Message-ID: <CADnb78iq9xKEt3W7Fgue+XgfLfPJeAME1NesDpfL0j8KKobgbg@mail.gmail.com>
To: Frederik Braun <fbraun@mozilla.com>
Cc: "mark a. foltz" <mfoltz@google.com>, Richard Barnes <rbarnes@mozilla.com>, Francois Daoust <fd@w3.org>, WebAppSec WG <public-webappsec@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>, "Kostiainen, Anssi" <anssi.kostiainen@intel.com>
On Tue, Jan 24, 2017 at 8:29 AM, Frederik Braun <fbraun@mozilla.com> wrote:
> Also, note that a user giving permission to a site in a non-secure
> context will be surprised to note that this permission is leaking all
> over the public wifis he's using.
> I wonder if a permission prompt on non-secure contexts is useful at all.

I think doing such prompts on non-secure contexts devalues the overall
security of prompts. Assuming that the user is carefully making the
distinction and weighing their options is just not something we know
to be true.

Received on Tuesday, 24 January 2017 07:46:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:41 UTC