Re: [UPGRADE]: What's left? from Mike West on 2015-03-06 (public-webappsec@w3.org from March 2015)

From: Mike West <mkwst@google.com>
Date: Fri, 6 Mar 2015 16:22:03 +0100
To: T Guild <ted@w3.org>
Cc: Yves Lafon <ylafon@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Jeff Hodges <Jeff.Hodges@kingsmountain.com>, Tanvi Vyas <tanvi@mozilla.com>, Peter Eckersley <pde@eff.org>, Daniel Appelquist <appelquist@gmail.com>, Alex Russell <slightlyoff@google.com>, Jose Kahan <jose.kahan@w3.org>
Message-ID: <CAKXHy=fkiSRndajictp-q7PvdE9taP9Z1rWJBSctdjdEKuoy_A@mail.gmail.com>

On Fri, Mar 6, 2015 at 4:02 PM, Ted Guild <ted@w3.org> wrote:

> Especially given how a couple prominent examples are archives you may
> want to include an archivist perspective.  It is not just about the cost
> of editing all the content but the hesitation for a curator as a
> preservationist to do so.  I would be very reluctant for instance to
> modify historic content on w3.org that has been untouched for twenty
> years and predated https being a standard.
>

Noted in https://github.com/w3c/webappsec/issues/208.


> > Are there other barriers to migration that this doesn't address?
>
> Not that I'm aware of.  There is another colleague, Jose Kahan, I would
> like to consult, he is away at present and can hopefully respond next
> week.
>

Looking forward to additional feedback! :)


> > Exactly. The intent is to avoid the insecure content warning, and
> > that's how Chrome's experimental implementation works. Perhaps it's
> > worth adding a note about that to the document...
>
> We would be interested in trying out your experimental implementation
> against a test instance of our site.
>

Grab Canary, and
enable chrome://flags/#enable-experimental-web-platform-features. You
should start seeing the feature in action. I'd say it's 90% working at this
point. I'd be _very_ interested in additional feedback.

-mike

Received on Friday, 6 March 2015 15:22:51 UTC