On Wed, Sep 23, 2015 at 9:04 AM, Dave Longley <dlong...@digitalbazaar.com> wrote:
> On 09/23/2015 09:57 AM, Harry Halpin wrote:
>>
>> On 09/23/2015 03:42 AM, Anders Rundgren wrote:
>>>
>>> In my opinion the #1 problem with this discussion is that when you mention
>>> things that doesn't match the SOP vision like the fact that Android-, Apple-,
>>> and Samsung-Pay doesn't work on the Web, dead silence is all you get.
>>
>> Since the same origin policy is the primary meaningful security boundary
>> on the Web, I expect for most people interested in security and privacy
>> that emails that dismiss SOP are generally put in the spam folder.
>>
>> I do understand some people are interested in creating, for example,
>> 'unique identifier' across all websites such as in the form of a X.509
>> certificate. These sort of totalitarian identity scheme...
>
> "dismissing"? "totalitarian"? These words have meanings that don't seem to
> line up with their usage here, but their connotations do yield negative
> visceral reactions. Is the goal discord or understanding?
>
> I've really only been following this thread from the sidelines, but who has
> dismissed SOP? Who has shown interest in creating a 'unique identifier'
> across all websites? Are you referencing a different discussion?

He might be referring to
https://groups.google.com/a/chromium.org/d/msg/blink-dev/pX5NbX0Xack/JN-v2FEmBgAJ,
which expresses a goal to "allow[] you to use one certificate to
authenticate to all servers".

Jeffrey