- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 25 Nov 2014 12:08:35 +0100
- To: Mike West <mkwst@google.com>
- Cc: Brian Smith <brian@briansmith.org>, Jake Archibald <jakearchibald@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Nov 25, 2014 at 9:16 AM, Mike West <mkwst@google.com> wrote: > On Mon, Nov 24, 2014 at 11:26 PM, Brian Smith <brian@briansmith.org> wrote: >> If there at least two browsers implement the >> blocking of some particular kinds of deprecated TLS thing as mixed >> content, then given a non-empty list of such things, I would be happy >> to donate my time to writing the normative text for them. > > Browsers certainly block certain kinds of TLS. SSL 3.0, for instance. And > terrible cipher suites that we all know are bad. Listing all the bad crypto > that browsers don't support would take a while. Blacklists are sad; a whitelist would be great. -- https://annevankesteren.nl/
Received on Tuesday, 25 November 2014 11:09:02 UTC