Re: Public Key Pinning (was Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure)

On Sat, Dec 27, 2014 at 6:20 PM, Ryan Sleevi <rsleevi@chromium.org> wrote:
> ...
> You seem to be operating from quite a bit of confusion about pinning or how
> it works, and from that have drawn a number or inaccurate

I think I have quite a good idea about how pinning works. I was using
it as a security control long before the draft was proposed to the
IETF.

> (and, in some
> cases, inflammatory) conclusions.

Well, I'm not sure what to say. If holding leaders responsible, then I
am guilty as charged.

> Rather than cross-posting to a variety of lists on an unrelated thread,
> perhaps it best to continue the discussions in the IETF.

My apologies to other lists. I'm going to add WebCrypto to this one
since the reply below seems very relevant.

> There is no shadowy committee politiking for compromise waiting for you
> there - it was simply a bad and inherently inconsistent idea removed,
> recognized as such by technically savvy people during the process of
> standardizing.

Oh, the irony of your earlier ad hominem claims. The best I can tell,
you been running rough shot over every group you've been a member of.
When someone disagrees with you, you regress precisely into personal
attacks. Your behavior has particularly distasteful on WebCrypto, and
you've been criticized quite a few times for it by others.

>From WebCrypto, you probably realized that I try not to engage in the
personal attacks and insults. That seems to have promoted your poor
behavior. I suppose I'm partially to blame because I allowed it to
happen in an effort to improve harmony. My apologies for that.

Jeff

Received on Saturday, 27 December 2014 23:52:09 UTC