- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 17 Dec 2014 18:17:22 +0100
- To: Sigbjørn Vik <sigbjorn@opera.com>
- Cc: tylerl@google.com, blink-dev <blink-dev@chromium.org>, Chris Palmer <palmer@google.com>, WebAppSec WG <public-webappsec@w3.org>, security-dev@chromium.org, dev-security@lists.mozilla.org
On Wed, Dec 17, 2014 at 12:52 PM, Sigbjørn Vik <sigbjorn@opera.com> wrote: > I respectfully, but strongly, disagree :) If you want to separate the > states, I'd say that C is better than B. C has *some* security, B has > *none*. You would advocate not blocking on certificate failures and just hand over credentials to network attackers? What would happen exactly when you visit e.g. google.com from the airport (connected to something with a shitty captive portal)? -- https://annevankesteren.nl/
Received on Wednesday, 17 December 2014 17:17:50 UTC