Confirmed users
729
edits
Security/Meetings/2011-09-07: Difference between revisions
Security/Meetings/2011-09-07 (view source)
Revision as of 04:33, 8 September 2011
, 8 September 2011→Mixed display warnings
| Line 49: | Line 49: | ||
* Jesse thinks we should nix the "mixed display removes SSL status" feature | * Jesse thinks we should nix the "mixed display removes SSL status" feature | ||
** It's visual noise, muddying our message that you can look in the location bar to know where you are. | ** It's visual noise, muddying our message that you can look in the location bar to know where you are. | ||
** It's less security-relevant than STS (due to how cookie-setting works) | ** It's less security-relevant than STS (due to how cookie-setting works) ({{bug|685405}}) | ||
** It's not especially actionable, and not quite what you want to know: whether you ''will'' encounter mixed display, or whether there is ''any'' mixed display on the site. | ** It's not especially actionable, and not quite what you want to know: whether you ''will'' encounter mixed display, or whether there is ''any'' mixed display on the site. | ||
** Years of all browsers warning about mixed display hasn't convinced Gmail, Google Reader, or Twitter to proxy all third-party images. | ** Years of all browsers warning about mixed display hasn't convinced Gmail, Google Reader, or Twitter to proxy all third-party images. | ||
** A network attacker could redirect your other tabs to the insecure version of Gmail | ** A network attacker could redirect your other tabs to the insecure version of Gmail | ||
==Prioritization of non-features (curtis)== | ==Prioritization of non-features (curtis)== | ||
* Not just security | * Not just security | ||