- From: Adam Langley <agl@google.com>
- Date: Thu, 21 Aug 2014 17:13:42 -0700
- To: Mark Watson <watsonm@netflix.com>
- Cc: "Eduardo' Vela" <evn@google.com>, Chris Palmer <palmer@google.com>, Jim Manico <jim.manico@owasp.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Aug 21, 2014 at 4:55 PM, Mark Watson <watsonm@netflix.com> wrote: > What, though, if the > alternative was not just a few dollars but millions ? What if the > alternative is using a plugin ? If you're dealing in user's information then you have obligations which extend *further* than just using HTTPS. But using HTTPS is a minimum and it's something that we can check. Plugins have long been a hole and something that we have to deal with. But just because we're still working on it[1] doesn't mean that we're going to throw in the towel in other places. [1] http://www.chromium.org/developers/npapi-deprecation Cheers AGL
Received on Friday, 22 August 2014 00:14:29 UTC