Re: Proposal: Prefer secure origins for powerful new web platform features

On Thu, Aug 21, 2014 at 3:29 PM, Eduardo' Vela" <Nava> <> wrote:
> I do not get why Geolocation [...] need to be SSL only.

Let's just take this one for a moment. We're giving the web platform a
fairly significant power here and it's pretty reasonable to want to
take the sharp edge off it.

When we ask the user whether they want to share their location with, it's not reasonable to turn around later and say "oh,
didn't you notice the lack of https? It's thus completely your fault
that you inadvertently shared your location with and also
your ISP, government, etc.". We don't want to build a world where that
sort of information is commonly sent in the clear

But the aim is not to make experimentation hard either. It really
shouldn't be, it's just that setting up a local CA and the DNS for
experimentation is harder than it should be. If loopback adaptors
weren't configured by default then HTTP would be a pain to experiment
with also. If I had lots of free time, I'd submit patches to distros
to make it easier. But that's a much better direction than a clear
text world.



Received on Thursday, 21 August 2014 23:21:39 UTC