On Tue, Mar 17, 2015 at 5:42 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote: > On Mon 2015-03-16 05:26:39 -0400, Mike West wrote: > > Optionally-blockable mixed content is certainly also an important issue, > > though, as it creates UI degradation, which developers very much wish to > > avoid (as noted in #2 in the email you're responding to). > > If Chrome provides degraded UI for plain http:// sites (i think this has > been discussed recently, but don't have a link handy), then the site > operators will have only one way to fix this, which is a move to full > HTTPS with mixed content at all, right? > Indeed. http://www.chromium.org/Home/chromium-security/marking-http-as-non-secure is certainly a potential end game for plaintext, but I don't think we can assume that it's going to happen quickly enough to make developers happy with a proposal that doesn't deal with the status quo. -mike -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Tuesday, 17 March 2015 17:00:56 UTC