
RE: Removing trolls and off-topic conversation from Web Security IG? [was Re: A Somewhat Critical View of SOP (Same Origin Policy)]

From: GALINDO Virginie <Virginie.Galindo@gemalto.com>
Date: Wed, 23 Sep 2015 16:32:48 +0000
To: Martin Paljak <martin.paljak@ria.ee>, Harry Halpin <hhalpin@w3.org>, Anders Rundgren <anders.rundgren.net@gmail.com>, Alex Russell <slightlyoff@google.com>
CC: "public-web-security@w3.org" <public-web-security@w3.org>, Tony Arcieri <bascule@gmail.com>, Brad Hill <hillbrad@gmail.com>, Rigo Wenning <rigo@w3.org>
Message-ID: <540E99C53248CE468F6F7702588ABA2A0115B17F37@A1GTOEMBXV005.gto.a3c.atos.net>

Guys,

Let's calm down.

I hear here and elsewhere that there are some requirements for amending the web security model, and as far as I know, this is not off-topic for the web security IG, Harry.

What is off-topic or, let's say, not appropriate is to repeat things and harass the mailing list.

Regards,
Virginie - hat chair on



-----Original Message-----
From: Martin Paljak [mailto:martin.paljak@ria.ee]
Sent: Wednesday, 23 September 2015 18:25
To: Harry Halpin; Anders Rundgren; Alex Russell
Cc: public-web-security@w3.org; Tony Arcieri; Brad Hill; Rigo Wenning
Subject: Re: Removing trolls and off-topic conversation from Web Security IG? [was Re: A Somewhat Critical View of SOP (Same Origin Policy)]

Hello,

On 23/09/15 18:45, Harry Halpin wrote:
> At this point, I think it would be a useful discussion for the Chair
> of the IG to move the IG to member-only in a re-chartering, as it may
> be the only way to keep the discussion on-topic.

What exactly is off-topic or trolling?

It seems to me that people have quite nicely tried to bring up the possibility of at least *discussing* security models other than SOP for certain scenarios, but are being turned down with "you don't seem to know how the Web works, the Web will not work with that, only SOP is ever being discussed, period".

While SOP is a fundamental principle for web security, I don't think it is *the* principle everything and anything must comply with. Am I wrong?

Maybe it makes sense to remind two nice sayings:

"Browser is supposed to be a User-Agent, not Industry-Agent"
and
"If all you have is a hammer, everything starts to look like a nail"

I don't know what exactly you think by "the Web" but it seems that there is a fundamental difference in understanding what the user actually wants or is supposed to want or is allowed to want.

Clearly articulating that you don't care and don't want to listen is OK, but rejecting meaningful dialogue by masking it as "trolling" is not going to lead to fruitful results.

I think it is obvious that there is a fundamental difference between how certain groups think or envision "the web" but I see no fundamental reason why the two groups can't work together on technical terms, finding the balance and compromises between the different approaches to security, privacy etc.

Except for "don't want to play together, so no point in trying" is the reason, in which case it really makes no sense. That's not the web I'm into.



Martin
--
Cybersec R&D
www.RIA.ee
+372 515 6495

Received on Wednesday, 23 September 2015 16:33:21 UTC
