W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [blink-dev] Proposal: Marking HTTP As Non-Secure

From: Jim Manico <jim.manico@owasp.org>
Date: Wed, 7 Jan 2015 06:47:00 -0500
Message-ID: <-8164727280617125804@unknownmsgid>
To: Craig Francis <craig.francis@gmail.com>
Cc: Jiri Danek <softwaredevjirka@gmail.com>, "mozilla-dev-security@lists.mozilla.org" <mozilla-dev-security@lists.mozilla.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, security-dev <security-dev@chromium.org>, blink-dev <blink-dev@chromium.org>
> e.g. any feedback for a failed HPKP header?

You mean the •experimental• HPKP headers that my friends in London
were using on their sites, discovered a few bugs, and submitted that
feedback directly to the Chrome developer over the holidays (who was
stoked for the feedback and is working on fixes), and we'll see those
updates in Chromium soon? Those headers?


Every time a password field is sent over HTTP I cry a little on the
inside, but I will work through it somehow.... •wink•

Jim Manico
(808) 652-3805

> On Jan 7, 2015, at 5:35 AM, Craig Francis <craig.francis@gmail.com> wrote:
> e.g. any feedback for a failed HPKP header
Received on Wednesday, 7 January 2015 11:47:28 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:44 UTC