W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2016

Re: Proposal: Marking HTTP As Non-Secure

From: Chris Palmer <palmer@google.com>
Date: Thu, 28 Jan 2016 13:41:43 -0800
Message-ID: <CAOuvq23bf16UgO9s-mKdnT0uSPQ=xuEp+FPuS8_bPwEB4QkSPQ@mail.gmail.com>
To: jirkadanek7@gmail.com
Cc: blink-dev <blink-dev@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, security-dev <security-dev@chromium.org>, "dev-security@lists.mozilla.org" <dev-security@lists.mozilla.org>, cliodice@mindspark.com
On Thu, Jan 28, 2016 at 8:46 AM, <jirkadanek7@gmail.com> wrote:

On Monday, January 25, 2016 at 8:44:35 PM UTC+1, clio...@mindspark.com
>> wrote:
> Hi all, what is the status of this proposal? It calls out for a deployment
> plan in 2015, but that did not materialize. What is the latest? Thanks!
> Regarding Chromium:
> """On Tuesday, during a presentation at the Usenix Enigma security
> conference in San Francisco, Google pushed the proposal out in the open
> with much more fanfare, and gave a sneak peek of how it’s going to look.
> (You can see the little red “x” on the padlock in the URL bar.)"""
> --
> https://motherboard.vice.com/read/google-will-soon-shame-all-websites-that-are-unencrypted-chrome-https

That article is inaccurate. That screenshot is from a presentation by
Cloudflare, not Google, and does not constitute an announcement from
Google. It's just what you can get by turning on the Mark Non-Secure
Origins As Non-Secure flag in chrome://flags (which I added quite a while

We'll announce something when we're ready, though.
Received on Thursday, 28 January 2016 21:42:13 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:17 UTC