On Fri, Apr 24, 2015 at 08:05:43PM -0700, Mike Perry wrote:
> ** Sure, there could be a pile of new attribute flags that could be set
> on every HTML resource tag that says the resource must use a "secure
> http:" channel if the parent document happened to load over a secure
> channel, but the net
To be clear, Tim is talking about "HTTPS Everywhere" in general, not the
browser extension!
On 4/24/15 8:05 PM, Mike Perry wrote:
Maciej Soltysiak:
http://www.w3.org/DesignIssues/Security-NotTheS.html
The problem with his argument is that the web (and any protocol, really)
needs a way to dem
Maciej Soltysiak:
> http://www.w3.org/DesignIssues/Security-NotTheS.html
The problem with his argument is that the web (and any protocol, really)
needs a way to demand a hard guarantee that a request must proceed over
a secure transport layer. If that layer is not available, the request
must fail.
http://www.w3.org/DesignIssues/Security-NotTheS.html
Maciej
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
