On Sun, Sep 28, 2014 at 3:08 PM, Karl Dubost <kdub...@mozilla.com> wrote: > Imagine if I home developing my own little Web app on my computer, I need to > get through the hops of deploying TLS.
For testing purposes you can get by without TLS just fine. As far as I know the definition of authenticated origin includes localhost. > Asking everyone to adopt TLS is a bit like asking everyone to switch to XML. Not really. XML requires redesigning your entire application from the ground up. Adding TLS is a little bit of configuration. Completely different ballpark. > It doesn't visibly and directly improve the life of people. In the big scheme > of things, it gives an additional layer of security on their communications, > but not privacy. It gives privacy from passive and active network attackers, no? > Even more so, telling to people that they have more privacy because the > communication is secure end-to-end is deeply misleading. Secured geolocations > end-to-end to an aggregator such as FourSquare, Google, Facebook, etc. > doesn't change anything about your privacy. That's a question of trust, not one of privacy. -- https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
