Re: Proposal: Prefer secure origins for powerful new web platform features

On Fri, Aug 22, 2014 at 1:13 AM, Ian Melven <> wrote:
> I'm not seeing any arguments against requiring secure origins for certain
> functionality beyond the same old arguments against using SSL :
> * it costs some almost negligible amount of money
Key agreement can be quite painful. I'm not sure I would call it
negligible when a server can only perform 1500 or 2500 or so a second.

> * it requires some non-zero amount of work on the part of the website
> operator
> am i missing something ?
Server authentication is frequently weak in the current model.

I'm also interested in understanding how an app with external content
behaves in some cases. I don't think an ad library is any more
trustworthy because it delivers over HTTPS.


Received on Friday, 22 August 2014 06:31:38 UTC