On Sat, Oct 25, 2014 at 7:51 AM, Eric Rescorla <[email protected]> wrote: >> > Unfortunately, for the reasons I mentioned in the post I linked to >> > above, >> > it's hard for the user to give informed consent here, as they don't >> > understand >> > SOP, CSRF, etc. >> >> It's unclear to me what you are suggesting that we should or should not >> do. > > Well, as I said above, FF 33 is already shipping what MT and I were > able to come up with on short notice, namely: > > - A whitelist of the sites that are "legitimate" conferencing sites
This seems like an extremely unfortunate. What's the process for getting added to that whitelist? How do we enable a startup that wants to compete with Skype to do so? Will they have to go to each browser to ask to be added? How do we enable a new web browser that wants to enter the browser market to know which websites it should whitelist? Is the whitelist compiled in at build time, or do we have the ability to update old browsers? To my knowledge no standardized feature of the web platform has ever before been built around whitelisting websites. / Jonas _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
