Re: BIKESHED: Rename "Powerful features"? from Mark Watson on 2015-02-18 (public-webappsec@w3.org from February 2015)

From: Mark Watson <watsonm@netflix.com>
Date: Wed, 18 Feb 2015 07:49:41 -0800
To: Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Yan Zhu <yzhu@yahoo-inc.com>, Crispin Cowan <crispin@microsoft.com>, Brian Smith <brian@briansmith.org>
Message-ID: <CAEnTvdAW9y0LAnvHRgoLOK-kPEOMfM1ZKySxnyJxFpF05D_Dkg@mail.gmail.com>

I'm sorry you feel this is a "bikeshed" - the objective is to *avoid*
future pointless nebulous discussions of the kind "is X 'powerful' ?" in
favor of a more concrete "does X require a secure context ?". "Secure
context" is a term we can own and define rigorously, "powerful" is not.

You could reasonably drop the qualifier "sufficiently" on the grounds that
we don't generally bother writing specs for things that are "insufficient"
and you could name the section "Features requiring secure contexts".

…Mark

PS: The "sufficiently" is also circular:
Q: Sufficient for what ?
A: Sufficient for the use of certain features to be ok
Q: Which features ?
A: The ones that require a sufficiently secure context
Q: ...

On Wed, Feb 18, 2015 at 7:19 AM, Mike West <mkwst@google.com> wrote:

> Brian, Crispin, and Mark have all expressed various degrees of displeasure
> with the "powerful features" name, arguing that it invites debate about the
> word "powerful" rather than the content of the spec (I'm paraphrasing: see
> https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0304.html for
> a more detailed description).
>
> Mark suggested "HTTP-unsafe" to get the conversation started. I'm not a
> huge fan of that formulation, as it seems equally question-begging.
>
> If the normative focus of the specification is going to be the details in
> https://w3c.github.io/webappsec/specs/powerfulfeatures/#algorithms, and
> not the discussion in
> https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-feature-powerful,
> then renaming the spec "Sufficiently Secure Contexts" might make sense. We
> could then drop the term "powerful" entirely in
> https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-feature-powerful,
> and land on the verbose-but-tautologically-correct "Features which are only
> available in sufficiently secure contexts"?
>
> WDYT?
>
> --
> Mike West <mkwst@google.com>, @mikewest
>
> Google Germany GmbH, Dienerstrasse 12, 80331 München,
> Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
> Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
> Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>

Received on Wednesday, 18 February 2015 15:50:14 UTC