W3C home > Mailing lists > Public > www-tag@w3.org > February 2015

Re: Considering the pressure to turn HTTPS into a three-party protocol

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 16 Feb 2015 17:14:03 +1100
Cc: "www-tag@w3.org List" <www-tag@w3.org>
Message-Id: <ACCE0AAF-0DF8-4AA1-930B-08D18436C90D@mnot.net>
To: Ryan Sleevi <sleevi@google.com>

> On 16 Feb 2015, at 4:59 pm, Ryan Sleevi <sleevi@google.com> wrote:
> 
> The overall topic is that you've presented as "An Issue" for the TAG a
> question of how users use and administer their machines, and whether
> the TAG should intervene. I'm (hopefully clearly) rather opposed to
> this.

That's a concise statement of the problem, thanks. Note, however, that I'm NOT suggesting that the TAG intervene, on two fronts:

a) I'm suggesting that the TAG *talk* about it as an architectural issue -- where the actual "intervention" happens is TBD

b) I'm not suggesting that we constrain or otherwise specify *how* users use and administer their machines -- I'm wondering if browsers need to expose different / more information about the machines they're running on, and/or whether users need more education about it.

> If this is the criteria for the TAG getting involved, why not focus on
> the fact that UAs now tend to expose Developer Tools, and these
> Developer Tools may be used for nefarious purposes. [1]

Indeed. My older son is now known as a "hacker" at his high school, due to his elite devtools skills...

> Should the TAG
> provide guidance on how developers should be allowed to modify the
> DOM? Or guidance for Site Authors on how to prevent modifications to
> the DOM? Should the W3C provide security UI guidance for users who
> open their Developer Tools, discouraging them from the evil that may
> await?
> 
> You may see it as presenting strawmen,

Indeed.

> but I'm trying to show how your
> stated criteria provides a very shaky foundation, one which quickly
> encroaches on things I hope we all know to be Terribly Bad Ideas for
> the W3C to be involved in, and hopefully to demonstrate that this is
> equally one of those Terribly Bad Ideas.


Perhaps it's your perception of the criteria which is on a shaky foundation...

Cheers,


--
Mark Nottingham   https://www.mnot.net/
Received on Monday, 16 February 2015 06:14:33 UTC

This archive was generated by hypermail 2.3.1 : Monday, 16 February 2015 06:14:33 UTC