On 28 September 2014 17:38, Anne van Kesteren wrote:
> On Sun, Sep 28, 2014 at 3:08 PM, Karl Dubost wrote:
> > Imagine if I home developing my own little Web app on my computer, I
> need to get through the hops of deploying TLS.
>
> For testing purposes you can get by without TLS just fine. As f
On 9/27/14 02:24, Anne van Kesteren wrote:
On Fri, Sep 26, 2014 at 11:11 PM, Adam Roach wrote:
This is a matter for the relevant specification, not some secret cabal.
I was not proposing doing anything in secret.
I also contacted the relevant standards lists.
Yes, I saw that. Your proposa
Le 29 sept. 2014 à 00:38, Anne van Kesteren a écrit :
>> It doesn't visibly and directly improve the life of people. In the big
>> scheme of things, it gives an additional layer of security on their
>> communications, but not privacy.
>
> It gives privacy from passive and active network attack
On Fri, Sep 26, 2014 at 12:58 PM, Anne van Kesteren
wrote:
> Exposing geolocation on unauthenticated origins was a mistake. Copying
> that for getUserMedia() is too. I suggest that to protect our users we
> make some noise about deprecating this practice. And that in that
> message we convey we p
On Sep 28, 2014, at 6:26 AM, Anne van Kesteren wrote:
> On Sat, Sep 27, 2014 at 10:10 PM, Richard Barnes wrote:
>> Are you making an argument more subtle than "everything should be HTTPS, so
>> we should make HTTP less functional"?
>
> I'm not sure where you see me making that argument in thi
On Sun, Sep 28, 2014 at 3:08 PM, Karl Dubost wrote:
> Imagine if I home developing my own little Web app on my computer, I need to
> get through the hops of deploying TLS.
For testing purposes you can get by without TLS just fine. As far as I
know the definition of authenticated origin includes
Anne,
Le 28 sept. 2014 à 19:26, Anne van Kesteren a écrit :
> I'm not sure where you see me making that argument in this thread. I
> simply recommended we move to require TLS for privacy-sensitive APIs.
I'm usually pushing privacy (or more exactly opacity) very hard, almost in a
paranoid way. T
Yonggang Luo wrote:
For example, I have the button on the top, and the tree under the button, I
want both tree and button respond to mouse events.
They can't both respond to mouse events. However the events that don't
target the button may miss the tree because there is an intervening
elem
On Sat, Sep 27, 2014 at 10:10 PM, Richard Barnes wrote:
> Are you making an argument more subtle than "everything should be HTTPS, so
> we should make HTTP less functional"?
I'm not sure where you see me making that argument in this thread. I
simply recommended we move to require TLS for privacy
9 matches
Mail list logo
