- From: Jeffrey Walton <noloader@gmail.com>
- Date: Fri, 22 Aug 2014 02:31:06 -0400
- To: Ian Melven <ian.melven@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Fri, Aug 22, 2014 at 1:13 AM, Ian Melven <ian.melven@gmail.com> wrote: > > I'm not seeing any arguments against requiring secure origins for certain > functionality beyond the same old arguments against using SSL : > > * it costs some almost negligible amount of money Key agreement can be quite painful. I'm not sure I would call it negligible when a server can only perform 1500 or 2500 or so a second. > * it requires some non-zero amount of work on the part of the website > operator > > am i missing something ? Server authentication is frequently weak in the current model. I'm also interested in understanding how an app with external content behaves in some cases. I don't think an ad library is any more trustworthy because it delivers over HTTPS. Jeff
Received on Friday, 22 August 2014 06:31:38 UTC