W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [MIX] Is origin an authenticated origin?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 29 Oct 2014 20:34:43 +0100
Message-ID: <CADnb78hkcibd+h9D8rvZT+1DzOK1ayNp=60grSqdtcUUmktXbg@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Tue, Oct 28, 2014 at 5:34 PM, Mike West <mkwst@google.com> wrote:
> As we've discussed before, Chrome just blocks connections it considers weak.
> Things like SSL3 and SHA-1 are lumped into "deprecated". Opera, I believe,
> is going to end up in the same boat. I suspect Firefox has a similar model,
> I suspect Safari's model is quite different, and I have no idea what IE
> does. :)

Hopefully someone will tell us if they need "weak". Now you mention
this, having something like
https://wiki.mozilla.org/Security/Server_Side_TLS for clients would be
nice. Hopefully in due course MDN will ramp up on TLS documentation
now it becomes important for all new web platform things.


-- 
https://annevankesteren.nl/
Received on Wednesday, 29 October 2014 19:35:15 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC