W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [MIX] Is origin an authenticated origin?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 23 Oct 2014 16:16:02 +0200
Message-ID: <CADnb78izSGA3OaA_SoxoN6+BHBhKp4BFfqpaiBq==xDxftBZRQ@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 23, 2014 at 3:58 PM, Mike West <mkwst@google.com> wrote:
> As of Chrome 41: "Sites with end-entity certificates that expire on or after
> 1 January 2017, and which include a SHA-1-based signature as part of the
> certificate chain, will be treated as “affirmatively insecure”. Subresources
> from such domain will be treated as “active mixed content”. "

But isn't that the same as a network error? (As in, not in need of the
"weakly authenticated" bit.)

Received on Thursday, 23 October 2014 14:16:28 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:41 UTC