- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 19 May 2014 09:37:27 +0200
- To: Yoav Weiss <yoav@yoav.ws>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, May 19, 2014 at 9:12 AM, Yoav Weiss <yoav@yoav.ws> wrote: > Obviously, full TLS provide better user protection (for any kind of MITM), > but I think the above scheme can be used to mitigate SW specific MITM > threats, and enable SW over TLS. > > Thoughts? I don't think we ever thought it would not be possible to have service workers outside HTTPS given sufficient patching, it's just not clear that making it substantially different is a good tradeoff. And sites that use service workers ought to be using HTTPS anyway. -- http://annevankesteren.nl/
Received on Monday, 19 May 2014 07:37:54 UTC