W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2016

Re: Proposal: Marking HTTP As Non-Secure

From: Chris Palmer <palmer@google.com>
Date: Fri, 29 Jan 2016 15:02:58 -0800
Message-ID: <CAOuvq21DUSZLLG6X1vkB3fhSqWG0XLrm5vNwHz-=twO5aG3dqw@mail.gmail.com>
To: richard@leapbeyond.com
Cc: Security-dev <security-dev@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, blink-dev <blink-dev@chromium.org>, "dev-security@lists.mozilla.org" <dev-security@lists.mozilla.org>
On Fri, Jan 29, 2016 at 1:09 PM, <richard@leapbeyond.com> wrote:

You would be much better advised to create proactive mechanisms for
> detecting suspicious activity (man-in-the-middle attacks) and alerting when
> there really is a bonafide threat

That is exactly what HTTPS is.

, as opposed to creating signal pollution in your UX.

I leave you with this:
> http://image.shutterstock.com/z/stock-photo-street-intersection-congested-with-street-signs-57695734.jpg

Currently, Chrome (and most other browsers) show only the equivalent of the
traffic light. We propose to wire up the red lamp. (Recently, we unhooked
the yellow lamp, precisely because a proliferation of signals confuses and
annoys people:

There are no plans, at the moment, to add a No Skateboarding sign to Chrome.
Received on Friday, 29 January 2016 23:03:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC