
Re: Removing trolls and off-topic conversation from Web Security IG? [was Re: A Somewhat Critical View of SOP (Same Origin Policy)]

From: Martin Paljak <martin.paljak@ria.ee>
Date: Wed, 23 Sep 2015 19:25:07 +0300
To: Harry Halpin <hhalpin@w3.org>, Anders Rundgren <anders.rundgren.net@gmail.com>, Alex Russell <slightlyoff@google.com>
CC: <public-web-security@w3.org>, Tony Arcieri <bascule@gmail.com>, Brad Hill <hillbrad@gmail.com>, Rigo Wenning <rigo@w3.org>
Message-ID: <5602D263.8070003@ria.ee>

On 23/09/15 18:45, Harry Halpin wrote:
> At this point, I think it would be a useful discussion for the Chair of
> the IG to move the IG to member-only in a re-chartering, as it may be
> the only way to keep the discussion on-topic.

What exactly is off-topic or trolling?

It seems to me that people have quite nicely tried to bring up the
possibility of at least *discussing* security models other than SOP for
certain scenarios, but are being turned down with "you don't seem to know
how the Web works, the Web will not work with that, only SOP is ever
being discussed, period".

While SOP is a fundamental principle for web security, I don't think it
is *the* principle everything and anything must comply to. Am I wrong?

Maybe it makes sense to recall two nice sayings:

"Browser is supposed to be a User-Agent, not Industry-Agent"
"If all you have is a hammer, everything starts to look like a nail"

I don't know what exactly you think by "the Web" but it seems that there
is a fundamental difference in understanding what the user actually
wants or is supposed to want or is allowed to want.

Clearly articulating that you don't care and don't want to listen is OK,
but rejecting meaningful dialogue by masking it as "trolling" is not
going to lead to fruitful results.

I think it is obvious that there is a fundamental difference between how
certain groups think or envision "the web" but I see no fundamental
reason why the two groups can't work together on technical terms,
finding the balance and compromises between the different approaches to
security, privacy etc.

Except if "don't want to play together, so no point in trying" is the
reason, in which case it really makes no sense. That's not the web I'm into.

Cybersec R&D
+372 515 6495
Received on Wednesday, 23 September 2015 16:25:35 UTC
