W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: [SRI] Escaping mixed-content blocking for video distribution

From: Chris Palmer <palmer@google.com>
Date: Fri, 14 Nov 2014 11:38:46 -0800
Message-ID: <CAOuvq23UJJHVN7gzygVgaPMxrHsKc_k1_P_VTP_q-moSBoPGFw@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: Mark Watson <watsonm@netflix.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Nov 12, 2014 at 6:15 PM, Brian Smith <brian@briansmith.org> wrote:

> We're trying to eventually disable all mixed content so that browsers'
> security indicators are simple enough to be truly meaningful to
> end-users. I think a lot of security and privacy engineers would admit
> that the actual security and privacy issues regarding HTTP vs HTTPS
> are more nuanced than all-or-nothing, but it seems like all-or-nothing
> is all we can expect end-users to understand, so that forces us into
> all-or-nothing approaches.

I prefer to frame it as "bare minimum or nothing".

In any case, it is certainly counter-productive to increase the
complexity and nuance.
Received on Friday, 14 November 2014 19:39:14 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC