- From: Michael(tm) Smith <mike@w3.org>
- Date: Wed, 8 Apr 2009 14:18:32 +0900
- To: Thomas Roessler <tlr@w3.org>
- Cc: Jonas Sicking <jonas@sicking.cc>, Bil Corry <bil@corry.biz>, Ian Hickson <ian@hixie.ch>, Adam Barth <w3c@adambarth.com>, Anne van Kesteren <annevk@opera.com>, public-webapps@w3.org, Maciej Stachowiak <mjs@apple.com>, Sam Weinig <weinig@apple.com>
Thomas Roessler <tlr@w3.org>, 2009-04-06 11:19 +0200: > (The http-wg discussion looked ill-informed; among other things, they didn't > understand the relationship with CORS.) I'm not sure if "ill-informed" is the best way to describe it (at least it's perhaps not the most diplomatic). But along with the issues such some people in the discussion maybe not understanding the relationship with CORS -- which is at least something that can be addressed (by people taking time to learn what the relationship is) -- we have what seems like a lot more serious issue of statements like "CSRF is not a security issue for the Web" being made in the discussion. Statements like that seem to indicate a real lack of agreement with them and us about what problems we need to be trying to help solve. I would think that if we can't get agreement about what the problems are, it's going to be pretty much impossible to have any productive discussion at all. --Mike -- Michael(tm) Smith http://people.w3.org/mike/
Received on Wednesday, 8 April 2009 05:18:43 UTC