Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure

On Wed, Dec 24, 2014 at 5:43 PM, Alex Russell <slightlyoff@google.com> wrote:
> Which standards bodies are those? Cause the W3C TAG is recommending
> pervasive end-to-end transit encryption.

W3C and IETF. They may be recommending it, but their deliverables are
failing to meet expectations.

Jeff

> On 18 Dec 2014 14:22, "Jeffrey Walton" <noloader@gmail.com> wrote:
>>
>> On Thu, Dec 18, 2014 at 5:10 PM, Daniel Kahn Gillmor
>> <dkg@fifthhorseman.net> wrote:
>> > ...
>> > Four proposed fine-tunings:
>> >
>> >  A) i don't think we should remove "This website does not supply
>> > identity information" -- but maybe replace it with "The identity of this
>> > site is unconfirmed" or "The true identity of this site is unknown"
>> None of them are correct when an interception proxy is involved. All
>> of them lead to a false sense of security.
>>
>> Given the degree to which standard bodies accommodate (promote?)
>> interception, UA's should probably steer clear of making any
>> statements like that if accuracy is a goal.
>>
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to blink-dev+unsubscribe@chromium.org.

Received on Wednesday, 24 December 2014 22:49:18 UTC