Brendan Eich wrote:
> The better course in my view is to take charge of our destiny.

That would be preferred (though we may need a backwards-compat shim for the
three or four capabilities we support now).

> One thought I had the other week is to enable privileges implicitly
> based on "latent trust": site has good CA-signed cert, you've connected
> with SSL, you've got a password saved for this site, you are logged in.
> Such a site could have some awesome powers, but not super-powers.

Hmm.... What if I don't want to save a password for sites? Maybe I'm just
paranoid, but saving passwords gives me the willies.

> We should scrap all this and do something better. What, I'm not sure.

OK. That's about where I am. Now where do we go from here? ;)
-Boris