Re: Draft finding - "Transitioning the Web to HTTPS" from Chris Palmer on 2014-12-10 (www-tag@w3.org from December 2014)

From: Chris Palmer <palmer@google.com>
Date: Wed, 10 Dec 2014 10:58:07 -0800
To: Sam Ruby <rubys@intertwingly.net>
Cc: "www-tag@w3.org List" <www-tag@w3.org>
Message-ID: <CAOuvq229tstv-ERWNsfv_tL_7=Up8CaHWtnHrOHZ-MeMGGGkew@mail.gmail.com>

On Wed, Dec 10, 2014 at 10:28 AM, Sam Ruby <rubys@intertwingly.net> wrote:

> I'll assert that 'http://localhost:8088/' is secure.  More precisely, if
> that can't be secured, then one needs to give up all hope.  I'd suggest that
> a web server on a camera connected via USB to a desktop is another such
> scenario.

Yes, that's why I wrote this:

http://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features

Mike West is formalizing these concepts in the POWER and MIX
specifications, underway now.

Received on Wednesday, 10 December 2014 18:58:34 UTC