Re: State of the WebCrypto API

On 12 October 2015 at 01:33, Jeffrey Walton <noloader@gmail.com> wrote:

> > I agree we should be respectful of other people's point of view.
> > Nonetheless, it is hard to understand how people can simply be wrong
> about
> > the basics again and again. For example, expecting older browsers or
> > operating systems to support standards made since their release seems a
> bit
> > backwards. In general, upgrades fix security holes as well.
>
> There are two different concepts here. The first is bug and security
> fixes; and second is feature enhancements.
>
> Companies like Apple and Microsoft sell their software and hardware,
> so they have an obligation to fix their defective products. In some
> jurisdictions, it may be a legal requirement.
>
> > There are excellent free online courses and text-books that go over this
> > stuff very well. I highly suggest, for example, Ross Anderson's textbook:
> >
> > http://www.cl.cam.ac.uk/~rja14/book.html
>
> Peter Gutmann has a very good practical book, too:
> https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf.
>
> I've read both, and I don't recall either claiming its OK to ship
> software, leave it unpatched and then abandon it (like Apple and
> Microsoft does).
>

Thanks for the references, but I think this is drifting off topic.

I dont always agree with Anders' views, but respect his knowledge,
implementation experience, and input.  It is certainly greater than many.

Attack the argument, not the person.  IMHO, phrases like "people can simply
be wrong about the basics again and again" have no place on this list,
however strongly they are felt.

If someone is out of line, by all means call them out.  But please let's
try and do it in a civil way.  Respect for others should be unconditional,
not qualified.


>
> Jeff
>
>