- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Tue, 03 Feb 2015 05:11:21 -0500
- To: Mike West <mkwst@google.com>, Peter Eckersley <pde@eff.org>
- CC: Anne van Kesteren <annevk@annevk.nl>, WebAppSec WG <public-webappsec@w3.org>, Ryan Sleevi <sleevi@google.com>, Adam Langley <agl@google.com>
On 02/03/2015 04:00 AM, Mike West wrote: > That's not what I mean to say. With regard to the W3C, my (apocryphal?*) > understanding is that the main blocker to deploying HTTPS more widely is > legacy clients, not legacy content, and that they'd need to alter the > source in order to get over that hurdle. The legacy concern was specific to > this example, not a general statement on adding features to the platform. > > *Wendy (hi!) could probably comment here. My understanding of the problem on W3C's site is a combo of huge amounts of legacy content and desire to continue making resources available to legacy clients. (I think we as a site should upgrade top-level pages to HTTPS, serve the mixed content and upgrade additional pages and their resources over time, but I don't set site policy.) --Wendy -- Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) Policy Counsel and Domain Lead, World Wide Web Consortium (W3C) http://wendy.seltzer.org/ +1.617.863.0613 (mobile)
Received on Tuesday, 3 February 2015 10:11:36 UTC