- From: Martin Paljak <martin.paljak@ria.ee>
- Date: Wed, 23 Sep 2015 19:25:07 +0300
- To: Harry Halpin <hhalpin@w3.org>, Anders Rundgren <anders.rundgren.net@gmail.com>, Alex Russell <slightlyoff@google.com>
- CC: <public-web-security@w3.org>, Tony Arcieri <bascule@gmail.com>, Brad Hill <hillbrad@gmail.com>, Rigo Wenning <rigo@w3.org>
Hello, On 23/09/15 18:45, Harry Halpin wrote: > At this point, I think it would be a useful discussion for the Chair of > the IG to move the IG to member-only in a re-chartering, as it may be > the only way to keep the discussion on-topic. What exactly is off-topic or trolling? It seems to me that people have quite nicely tried to bring up the possibility of at least *discussing* security models other than SOP for certain scnarios, but are being turned down with "you don't seem to know how the Web works, the Web will not work with that, only SOP is ever being discussed, period". While SOP is a fundamental principle for web security, I don't think it is *the* principle everything and anything must comply to. Am I wrong? Maybe it makes sense to remind two nice sayings: "Browser is supposed to be a User-Agent, not Industry-Agent" and "If all you have is a hammer, everything starts to look like a nail" I don't know what exactly you think by "the Web" but it seems that there is a fundamental difference in understanding what the user actually wants or is supposed to want or is allowed to want. Clearly articulating that you don't care and don't want to listen is OK, but rejecting meaningful dialogue by masking it as "trolling" is not going to lead to fruitful results. I think it is obvious that there is a fundamental difference between how certain groups think or envision "the web" but I see no fundamental reason why the two groups can't work together on technical terms, finding the balance and compromises between the different approach to security, privacy etc. Except for "don't want to play together, so no point in trying" is the reason, in which case it really makes no sense. That's not the web I'm into. Martin -- Cybersec R&D www.RIA.ee +372 515 6495
Received on Wednesday, 23 September 2015 16:25:35 UTC