W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: [MIX] Initial feedback on Mixed Content

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 25 Nov 2014 12:08:35 +0100
Message-ID: <CADnb78j_yOZmQCFh-bJ1L=p8rE+gtkdmLPaBSRFZy7++_saH2Q@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Brian Smith <brian@briansmith.org>, Jake Archibald <jakearchibald@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Nov 25, 2014 at 9:16 AM, Mike West <mkwst@google.com> wrote:
> On Mon, Nov 24, 2014 at 11:26 PM, Brian Smith <brian@briansmith.org> wrote:
>> If there at least two browsers implement the
>> blocking of some particular kinds of deprecated TLS thing as mixed
>> content, then given a non-empty list of such things, I would be happy
>> to donate my time to writing the normative text for them.
>
> Browsers certainly block certain kinds of TLS. SSL 3.0, for instance. And
> terrible cipher suites that we all know are bad. Listing all the bad crypto
> that browsers don't support would take a while.

Blacklists are sad; a whitelist would be great.


-- 
https://annevankesteren.nl/
Received on Tuesday, 25 November 2014 11:09:02 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC