W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [MIX] Is origin an authenticated origin?

From: Mike West <mkwst@google.com>
Date: Thu, 23 Oct 2014 15:41:06 +0200
Message-ID: <CAKXHy=cTNuDO-Bjo9Z8TH6qU=GKGxeq9a0ZmWB7UJsS+W11_Ag@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WebAppSec WG <public-webappsec@w3.org>
Chrome will need to implement something in Q1 as part of the SHA-1
deprecation, as outlined here:
http://googleonlinesecurity.blogspot.de/2014/09/gradually-sunsetting-sha-1.html.
Firefox might be in a similar position?

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Thu, Oct 23, 2014 at 3:35 PM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Thu, Oct 23, 2014 at 3:32 PM, Mike West <mkwst@google.com> wrote:
> > Chrome simply refuses to connect to anything it considers weak or
> > deprecated, which simplifies the mixed content logic dramatically.
>
> Right, you can just check for "https" / "wss". Is there a browser that
> does not follow this approach?
>
>
> --
> https://annevankesteren.nl/
>
Received on Thursday, 23 October 2014 13:41:55 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC