Re: [SPAM] Re: What is missing for building "real" services? from Martin Thomson on 2014-01-13 (public-webrtc@w3.org from January 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 13 Jan 2014 10:13:11 -0800
To: Tim Panton new <thp@westhawk.co.uk>
Cc: Silvia Pfeiffer <silviapfeiffer1@gmail.com>, Jan-Ivar Bruaroey <jib@mozilla.com>, public-webrtc <public-webrtc@w3.org>, Alexandre Gouaillard <agouaillard@gmail.com>, Randell Jesup <randell-ietf@jesup.org>
Message-ID: <CABkgnnXodMOz-GDgbJpThyMJSXrwOLeMN3_nc+vG_pBktBJ56w@mail.gmail.com>

On 13 January 2014 06:13, Tim Panton new <thp@westhawk.co.uk> wrote:
> Strikes me that a good short term default would be that https:// sites
> default
> to not supporting screenshot. http:// sites allow it, as do any that have
> the
> meta-screenshot tag set.

That's somewhat attractive, but I'm not sure that that is a good idea.
 We haven't proven unequivocally that http: pages don't contain
sensitive content.

Sure, you can argue that there is nothing that an active attacker
can't already get, but that's a little different to what we're getting
here.

Received on Monday, 13 January 2014 18:13:40 UTC