Re: A Somewhat Critical View of SOP (Same Origin Policy) from Rigo Wenning on 2015-09-17 (public-webappsec@w3.org from September 2015)

From: Rigo Wenning <rigo@w3.org>
Date: Thu, 17 Sep 2015 14:57:21 +0200
To: Tony Arcieri <bascule@gmail.com>
Cc: Henry Story <henry.story@co-operating.systems>, Alex Russell <slightlyoff@google.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, Mike O'Neill <michael.oneill@baycloud.com>, "public-web-security@w3.org" <public-web-security@w3.org>, WebAppSec WG <public-webappsec@w3.org>
Message-ID: <1573884.ACRkJSQ5fp@hegel>

On Wednesday 16 September 2015 12:12:39 Tony Arcieri wrote:
> This is a terrible user experience.

The entire UX around security in the browser is terrible
http://www.w3.org/2014/privacyws

As user or even as expert, have you ever tried to understand what the 
certificate means that you had to accept because the service didn't spend the 
money to have a cert from the browser registered CAs? 

I don't blame anybody, but we have WAY to go there. 

 --Rigo

Received on Thursday, 17 September 2015 12:57:33 UTC