On Fri, Aug 22, 2014 at 12:26 AM, Ian Melven <ian.melven@gmail.com> wrote:
>
> did you read
> http://lists.w3.org/Archives/Public/public-webappsec/2014Aug/0094.html ?
>
> i think Chris Palmer makes a good point here - in some industries this
> would be called 'the price of doing business'
>
not when the delta from current cost isn't sufficiently justified by
derived benefits
>
> cheers,
> ian
>
>
>
> On Thu, Aug 21, 2014 at 11:09 PM, Anne van Kesteren <annevk@annevk.nl>
> wrote:
>
>> On Fri, Aug 22, 2014 at 7:13 AM, Ian Melven <ian.melven@gmail.com> wrote:
>> > I'm not seeing any arguments against requiring secure origins for
>> certain
>> > functionality beyond the same old arguments against using SSL :
>> >
>> > * it costs some almost negligible amount of money
>> > * it requires some non-zero amount of work on the part of the website
>> > operator
>> >
>> > am i missing something ?
>>
>> Yes, Netflix pointing out TLS would cost them non-negligible amounts
>> of money. Mark said he was getting data on that, so waiting for that
>> data seems like the best way forward here.
>>
>>
>> --
>> http://annevankesteren.nl/
>>
>
>