W3C home > Mailing lists > Public > www-tag@w3.org > February 2015

Re: Considering the pressure to turn HTTPS into a three-party protocol

From: Ryan Sleevi <sleevi@google.com>
Date: Sun, 15 Feb 2015 21:59:15 -0800
Message-ID: <CACvaWvZKbjK=S7z=ce0UXLH_u2JAa8FEYZfYYoYtuzUs85hMEQ@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: "www-tag@w3.org List" <www-tag@w3.org>
On Sun, Feb 15, 2015 at 9:31 PM, Mark Nottingham <mnot@mnot.net> wrote:
> Noted. It'd be great if you could address the overall topic, rather than picking at terminology, building straw men, etc...

The overall topic is that you've presented as "An Issue" for the TAG a
question of how users use and administer their machines, and whether
the TAG should intervene. I'm (hopefully clearly) rather opposed to
this.

If this is the criteria for the TAG getting involved, why not focus on
the fact that UAs now tend to expose Developer Tools, and these
Developer Tools may be used for nefarious purposes. [1] Should the TAG
provide guidance on how developers should be allowed to modify the
DOM? Or guidance for Site Authors on how to prevent modifications to
the DOM? Should the W3C provide security UI guidance for users who
open their Developer Tools, discouraging them from the evil that may
await?

You may see it as presenting strawmen, but I'm trying to show how your
stated criteria provides a very shaky foundation, one which quickly
encroaches on things I hope we all know to be Terribly Bad Ideas for
the W3C to be involved in, and hopefully to demonstrate that this is
equally one of those Terribly Bad Ideas.

[1] https://www.facebook.com/help/246962205475854
Received on Monday, 16 February 2015 05:59:42 UTC

This archive was generated by hypermail 2.3.1 : Monday, 16 February 2015 05:59:43 UTC