W3C home > Mailing lists > Public > public-web-security@w3.org > February 2015

Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution

From: Ryan Sleevi <sleevi@google.com>
Date: Tue, 3 Feb 2015 09:02:23 -0800
Message-ID: <CACvaWvbNtx6HpzamYm3VCN-j8zo05yq11obRUOTLJ2w_a9yqpQ@mail.gmail.com>
To: Siva Narendra <siva@tyfone.com>
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, public-webcrypto-comments@w3.org, public-web-security@w3.org, Rigo Wenning <rigo@w3.org>, GALINDO Virginie <Virginie.Galindo@gemalto.com>
On Feb 3, 2015 8:49 AM, "Siva Narendra" <siva@tyfone.com> wrote:
>
> Is payments also an overkill?
>

Failing to consider privacy as a valid concern or declaring users privacy
irrelevant (as it seems Rigo is doing) will always cause your use case to
be called overkill.

Put differently, there is no use case that is valuable enough that should
cause us to be willing to suspend the priority of constituencies and ignore
the very real privacy and security risks users face. And before anyone
slips into some trite argument that "Not implementing X is not putting
users first" - no, privacy and security is the one universal that trumps
all.

So it is disingenuous and counterproductive to frame the discussion as "X
not being a valid use case" or "Y being overkill". The argument remains
unchanged for the past three years - any solution that does not preserve
users privacy and security is unacceptable, full stop.

If you provide and explore a solution that preserves these two aspects -
and this thread has many such concrete examples of ways in which the
proposals to date have failed miserably at doing so - then it may be worth
discussing. But *no* use case is worth trumping these concerns, and it is
not the *use case* being rejected, but the "solutions" being put forth.
Received on Tuesday, 3 February 2015 17:03:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 3 February 2015 17:03:50 UTC