W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [MIX] Is origin an authenticated origin?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 29 Oct 2014 20:34:43 +0100
Message-ID: <CADnb78hkcibd+h9D8rvZT+1DzOK1ayNp=60grSqdtcUUmktXbg@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Tue, Oct 28, 2014 at 5:34 PM, Mike West <mkwst@google.com> wrote:
> As we've discussed before, Chrome just blocks connections it considers weak.
> Things like SSL3 and SHA-1 are lumped into "deprecated". Opera, I believe,
> is going to end up in the same boat. I suspect Firefox has a similar model,
> I suspect Safari's model is quite different, and I have no idea what IE
> does. :)

Hopefully someone will tell us if they need "weak". Now you mention
this, having something like
https://wiki.mozilla.org/Security/Server_Side_TLS for clients would be
nice. Hopefully in due course MDN will ramp up on TLS documentation
now it becomes important for all new web platform things.

Received on Wednesday, 29 October 2014 19:35:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:42 UTC