- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 28 Oct 2014 17:05:06 +0100
- To: Mike West <mkwst@google.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 23, 2014 at 5:06 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > So I guess whether something is weakly authenticated should first be > exposed on a response. And then propagated by the navigate and run a > worker algorithms somehow for environment settings objects. I would prefer not using http://www.w3.org/TR/wsc-ui/ as a building block since it's not actively maintained. I think for now I'll just define a "TLS state" field which is "protected", "deprecated", or "none" and leave it up to implementers to pick between "protected" and "deprecated" (that seems to be current best practice :/) and then Mixed Content and co can build upon that. -- https://annevankesteren.nl/
Received on Tuesday, 28 October 2014 16:05:34 UTC