Re: [POWER] New vs Legacy functionality (Re: "Requirements for Powerful Features" strawman.)

On 9 December 2014 at 12:12, Mike West <mkwst@google.com> wrote:
> I don't believe the intent of a feature has much of anything to do with the
> attack surface it exposes. Deprecating an insecure feature is a good thing!
> It is substantially less good if deprecating it doesn't improve the security
> situation.


If you want to encourage people to move from feature A to feature A',
then coupling that move with a secure origins limitation could create
additional disincentives to move.

On the other hand, you might see moving from A to A' as the real cost
and consider the move to a secure origin as being trivial.  Then the
marginal cost of the linkage between A' and secure origins is then
small.

It might simply make sense to say that any choice about secure origins
should be orthogonal to the continuing evolution of a feature.

Received on Tuesday, 9 December 2014 20:21:00 UTC