- From: Ian Melven <ian.melven@gmail.com>
- Date: Thu, 21 Aug 2014 23:26:32 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Friday, 22 August 2014 06:34:46 UTC
did you read http://lists.w3.org/Archives/Public/public-webappsec/2014Aug/0094.html ? i think Chris Palmer makes a good point here - in some industries this would be called 'the price of doing business' cheers, ian On Thu, Aug 21, 2014 at 11:09 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Fri, Aug 22, 2014 at 7:13 AM, Ian Melven <ian.melven@gmail.com> wrote: > > I'm not seeing any arguments against requiring secure origins for certain > > functionality beyond the same old arguments against using SSL : > > > > * it costs some almost negligible amount of money > > * it requires some non-zero amount of work on the part of the website > > operator > > > > am i missing something ? > > Yes, Netflix pointing out TLS would cost them non-negligible amounts > of money. Mark said he was getting data on that, so waiting for that > data seems like the best way forward here. > > > -- > http://annevankesteren.nl/ >
Received on Friday, 22 August 2014 06:34:46 UTC