
Re: Proposal: Marking HTTP As Non-Secure

From: Eitan Adler <lists@eitanadler.com>
Date: Fri, 29 Jan 2016 19:09:19 -0800
Message-ID: <CAF6rxgmTDvCNoY9=qVbuzQ5zyWmNR1tetNgEdm5hSPe+qZREeg@mail.gmail.com>
To: richard@leapbeyond.com
Cc: Security-dev <security-dev@chromium.org>, public-webappsec@w3.org, blink-dev@chromium.org, dev-security@lists.mozilla.org

On 29 January 2016 at 13:09, <richard@leapbeyond.com> wrote:

> There is little inherently "broken" about HTTP (without the "S").  It has security limitations which its audience accepts.  Over the years people have been trained to look for proactive signs of security (https, green lock, etc) when they are doing activities that are sensitive (email, banking transactions, etc).

There is a ton of UI/UX research that people do not notice the absence
of positive indicators.  One can train as much as they want, but the
training has not worked to date.

Eitan Adler
Received on Saturday, 30 January 2016 03:11:11 UTC
