- From: Brandon Sterne <bsterne@mozilla.com>
- Date: Fri, 28 Jan 2011 15:34:34 -0800
- To: gaz Heyes <gazheyes@gmail.com>
- CC: public-web-security@w3.org
On 1/28/11 2:58 PM, gaz Heyes wrote: > On 28 January 2011 22:52, Brandon Sterne <bsterne@mozilla.com> wrote: > You're just restating the opinion you gave before. You'll have to > provide more support for these types of statements if you expect to > persuade anyone. > > I don't see how I can be more clear. You said something similar to Gerv when he was trying to understand your token-stealing attack. Trust me, we are not deliberately trying to be obstinate to miss your point. We're familiar with your work. We know you've found lots of neat bugs in browsers and web sites, so your input is valuable in this discussion. But it needs to be structured in a way that can be objectively processed. > I want to implement it, I don't > understand the syntax. Your point has become muddled, unfortunately. It started as an argument against using headers to deliver the policy. To me, that seems to be an orthogonal issue to the policy syntax. Are you saying "I don't understand how to use this syntax to express a policy" or "I don't understand how to send HTTP headers"? > I have it commented out in my social network > because I don't understand the syntax. In other words I am your user. > Maybe my technical level isn't up to your standard. Maybe you should > ignore me in which case I'll happy to shut my mouth. Nobody here wants to ignore you. You're reading too much into the comments if that is the impression you are getting. I encourage you to stay engaged in this discussion, avoiding statements of pure opinion as much as possible. Best, Brandon
Received on Friday, 28 January 2011 23:35:08 UTC