- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 23 Oct 2014 15:55:07 +0200
- To: Mike West <mkwst@google.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 23, 2014 at 3:41 PM, Mike West <mkwst@google.com> wrote: > Chrome will need to implement something in Q1 as part of the SHA-1 > deprecation, as outlined here: > http://googleonlinesecurity.blogspot.de/2014/09/gradually-sunsetting-sha-1.html. That talks about UI. It doesn't say that this will affect an origin's ability to use crypto (for instance). Anyway, if we need something like this I would a) kind of like to migrate/alias document's origin and a worker's origin to/on an environment settings object. Then I'd also like it that when an environment settings object is created we put additional data about unauthenticated, weakly authenticated, vs authenticated on it. And then instead of an origin check I guess I would expect an "is authenticated environment settings object" check. (It can remain an origin check I suppose if we stick the additional fields on an origin so it becomes more than just a tuple.) > Firefox might be in a similar position? I don't know. -- https://annevankesteren.nl/
Received on Thursday, 23 October 2014 13:55:34 UTC