W3C home > Mailing lists > Public > public-web-security@w3.org > October 2015

Re: State of the WebCrypto API

From: Harry Halpin <hhalpin@w3.org>
Date: Sun, 11 Oct 2015 19:16:15 -0400
Message-ID: <561AEDBF.7010501@w3.org>
To: Melvin Carvalho <melvincarvalho@gmail.com>, Tony Arcieri <bascule@gmail.com>
CC: "noloader@gmail.com" <noloader@gmail.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, "public-web-security@w3.org" <public-web-security@w3.org>


On 10/11/2015 05:33 PM, Melvin Carvalho wrote:
>
>
> On 11 October 2015 at 23:08, Tony Arcieri <bascule@gmail.com
> <mailto:bascule@gmail.com>> wrote:
>
>     On Sunday, October 11, 2015, Jeffrey Walton <noloader@gmail.com>
>     wrote:
>
>         Telling folks to upgrade to Windows 8 or 10 is just bike
>         shedding. Its
>         not a answer.... 
>
>
>     Actually, I gave several options, all of which solve this problem:
>
>     1) Use this shim: https://github.com/vibornoff/webcrypto-shim
>     2) Use a more modern browser
>     3) Use a more modern OS
>
>     This thread is silly FUD, and part of an ongoing series of
>     silly FUD from Anders which is dominating the traffic here.
>
>     I again second Harry Halpin's call for the chairs to step in here
>     and do something about it.
>
>
> I think that would be an over reaction.  Perhaps chat to the chair
> about this.
>
> IMHO I've not seen anything that crosses the line, other than Harry's
> disrespectful tone in a previous thread, as pointed out by Dave
> Longley and others.  In that case I did make a complaint to the chair,
> and Im satisfied it was handled appropriately.
>
> Security is something that invokes strong feelings.  Let's try and
> calm down a bit, not go over the top, and try and be respectful of
> other people's points of view.

I agree we should be respectful of other people's point of view.
Nonetheless, it is hard to understand how people can simply be wrong
about the basics again and again. For example, expecting older browsers
or operating systems to support standards made since their release seems
a bit backwards. In general, upgrades fix security holes as well.

There are excellent free online courses and text-books that go over this
stuff very well. I highly suggest, for example, Ross Anderson's textbook:

http://www.cl.cam.ac.uk/~rja14/book.html

Civility is required. But nonetheless, so is some degree of sense and a
general understanding of Web development and security.

  yours,
       harry


>  
>
>
>
>     -- 
>     Tony Arcieri
>
>
Received on Sunday, 11 October 2015 23:16:23 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 11 October 2015 23:16:23 UTC