RE: Draft finding - "Transitioning the Web to HTTPS"

From: Domenic Denicola <d@domenic.me>
Date: Wed, 10 Dec 2014 13:44:40 +0000
To: "Eric J. Bowman" <eric@bisonsystems.net>, Chris Palmer <palmer@google.com>
CC: Melvin Carvalho <melvincarvalho@gmail.com>, Mark Nottingham <mnot@mnot.net>, "www-tag@w3.org List" <www-tag@w3.org>
Message-ID: <CY1PR0501MB1369DD8AD6B614035A1B9B77DF620@CY1PR0501MB1369.namprd05.prod.outlook.com>
From: Eric J. Bowman [mailto:eric@bisonsystems.net] 

> Try to put yourself in the shoes of a forum operator wondering where everyone's gone.

Possibly to forums that don't allow attackers (including those sitting next to them in the Starbucks public wifi), governments, or ISPs to:

- track their usage (confidentiality)
- insert ads into the forum's content, or
- modify the opinions of people expressed therein to e.g. support certain products or avoid criticizing certain ideas (integrity)
- steal their login credentials and impersonate them (authentication)

As Wendy emphasizes, the fact that we as a community have been getting a free pass on these three properties for so many years doesn't mean they aren't important.

> Copy https video url + paste into http post = empty iframe.

This has nothing to do with https, but instead with X-Frame-Options, which is orthogonal. An http site can also prevent this, and if it does so, it will prevent both secure and insecure sites from embedding.

Received on Wednesday, 10 December 2014 13:45:14 UTC
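
The X-Frame-Options point in the reply above, as an added example that is not part of the original message: a simplified JavaScript model of the check a browser applies before rendering a framed response. The function names, the example.* URLs and the restriction to a single header value and a single level of framing are assumptions made for illustration.

```javascript
// Simplified model of X-Frame-Options handling (added illustration).
// embedderUrl: URL of the page that contains the <iframe>
// framedUrl:   URL of the document requested for the frame
// xfo:         X-Frame-Options value on the framed response, or null
function mayRenderInFrame(embedderUrl, framedUrl, xfo) {
  if (xfo === null || xfo === undefined) return true; // no header: framing allowed
  const value = xfo.trim().toUpperCase();
  if (value === 'DENY') return false; // blocked for every embedder, any scheme
  if (value === 'SAMEORIGIN') {
    // An origin is scheme + host + port, so http://a and https://a differ.
    return new URL(embedderUrl).origin === new URL(framedUrl).origin;
  }
  // Unrecognised values (including the obsolete ALLOW-FROM) are ignored
  // by current browsers, which leaves framing allowed.
  return true;
}

// Evaluate one framed resource against several embedding pages.
function embedMatrix(framedUrl, xfo, embedders) {
  return embedders.map((embedder) => ({
    embedder,
    rendered: mayRenderInFrame(embedder, framedUrl, xfo),
  }));
}

// Constructed sample values: one forum post served over http, one over https.
const FORUMS = ['http://forum.example/post/1', 'https://forum.example/post/1'];

// The same header gives the same answer whether the video is served over
// https or http: the frame is empty in both forum posts.
console.log(embedMatrix('https://video.example/watch/1', 'DENY', FORUMS));
console.log(embedMatrix('http://video.example/watch/1', 'DENY', FORUMS));

// Without the header, both forum posts can embed the https video.
console.log(embedMatrix('https://video.example/watch/1', null, FORUMS));
```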