- From: Chris Palmer <palmer@google.com>
- Date: Mon, 23 May 2016 12:11:30 -0700
- To: Frederik Creemers <frederikcreemers@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAOuvq21cNb--na9sCXcuxNoZzAJMr=j5TCps8q-SsDNCktSS6A@mail.gmail.com>
On Mon, May 23, 2016 at 12:04 PM, Frederik Creemers < frederikcreemers@gmail.com> wrote: Thank you for the reply, it makes total sense. It looks to me like the > biggest issue here is transparency to the user. Security and privacy are > complicated, even for tech savvy people, and you can't expect most people > to take the time to overthink what security guarantees a particular web > application they're using does and does not offer, so I understand browsers > want to give users a very clear "this website is secure" or "this website > is not secure" signal. Your response has also made me realize that there's > no workaround for this that I can implement, as there's nothing that I can > set up to magically make the connection between the user's browser and the > podcaster's server secure (authenticated and encrypted). > Well, technically, it would be possible to lie. You could have your server proxy the original podcast servers, and then the browsers would think that the podcasts came from https://yourserver.com. But, that would be lying :) and it would also incur heavy bandwidth costs on you. Also, I am not a lawyer, but it might be that not all podcast publishers would approve of such a plan. I guess the only thing I can do is hope that media servers start accepting > secure connections as quickly as possible. > If it makes you feel any better, you're not alone. :)
Received on Monday, 23 May 2016 19:11:59 UTC