Re: [powerful-features] The note about responsible documents and workers makes no sense

> Anyway, per the WHATWG spec the algorithm at
> https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-secure
> would check the TLS state of the worker and if that's authenticated return
> "Secure".  The note in step 2 just has no bearing on what the algorithm is
> doing.

Hmmm... Authentication is not authorization.

What happens when one of those interception proxies MitMs the
connection? The authentication assurances that are supposed to exist
don't even exist in this case. They were disgorged due to the security
model...

Jeff

Received on Wednesday, 1 July 2015 23:17:30 UTC