- From: Kieran Farr <kieran.farr@gmail.com>
- Date: Thu, 14 Jul 2016 14:28:21 +0200
- To: Jeff Sonstein <jsonstein@gmail.com>
- Cc: "Ressler, Sandy (Fed)" <sressler@nist.gov>, "public-webvr@w3.org" <public-webvr@w3.org>
- Message-ID: <CACw3pWV8m=Cb5gVp-8h2J+LptWc9Q4r0rbkR7GaUk+66GcuhQQ@mail.gmail.com>
Just one point I haven't seen mentioned yet wrt China. In my past role for video streaming company, we worked on a few projects for customers with users in China. Anything served over SSL from a non-Chinese origin had a *significantly* higher chance of being blocked by great firewall, to the point where we recommended for practical reasons that in-country users access out-of-country content NOT via SSL, OR to go through a very onerous process with a Chinese entity to register to have a Chinese based server and cert. On Thu, Jul 14, 2016 at 2:16 PM, Jeff Sonstein <jsonstein@gmail.com> wrote: > +1 > Sandy is right > > jeffs > -- > Jeff Sonstein > Assoc. Prof. (ret'd) > College of Computing, R.I.T. > > > On Jul 14, 2016, at 8:12 AM, Ressler, Sandy (Fed) <sressler@nist.gov> > wrote: > > While I agree with the motivations of creating a more secure web…it seems > odd to have special implementation restrictions for WebVR as opposed to any > other media delivery. Certainly at the very least if HTTPS only turns out > as a requirement there needs to be a flag aka Tony’s > > --allow-file-access-from-files > > > Personally I thinks it’s overkill and overly prescriptive, the whole issue > of HTTPS should be dealt with at the HTTPS level independent of content > types and existing CORS restrictions treat all content uniformly. > Onward…Sandy > > > Sandy Ressler > High Performance Computing and Visualization Group > National Institute of Standards and Technology > 100 Bureau Drive, STOP 8911 > Gaithersburg MD, 20899 > (301) 975-3549 Fax: (301) 975-3218 > sressler@nist.gov @sressler > >
Received on Friday, 22 July 2016 20:38:36 UTC