W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

Re: Proposal: Marking HTTP As Non-Secure

From: Gervase Markham <gerv@mozilla.org>
Date: Mon, 22 Dec 2014 11:43:30 +0000
Message-ID: <549803E2.8070802@mozilla.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Chris Palmer <palmer@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, blink-dev <blink-dev@chromium.org>, security-dev <security-dev@chromium.org>, mozilla-dev-security@lists.mozilla.org
To: mozilla-dev-security@lists.mozilla.org
[The trouble with having this conversation across many mailing lists is
that when it gets specific, but you want to include people, you don't
know which lists to drop...]

On 18/12/14 22:10, Daniel Kahn Gillmor wrote:
> Four proposed fine-tunings:
>  A) i don't think we should remove "This website does not supply
> identity information" -- but maybe replace it with "The identity of this
> site is unconfirmed" or "The true identity of this site is unknown"

I prefer a more positive statement to a negative one, certainly.

> -------
> The true identity of this site is unknown.
> This web page was transferred over a non-secure connection, which means
> that the page and any information you sent to it could have been read or
> modified by others while in transit.

That's past tense; don't we want to include the future too?

The true identity of this site cannot be confirmed.

Your connection to this site is non-secure. Therefore, any information
you send or receive can be read or modified by others while in transit.

Received on Monday, 22 December 2014 11:44:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:44 UTC