- From: Mark Watson <watsonm@netflix.com>
- Date: Wed, 18 Feb 2015 08:12:40 -0800
- To: Mike West <mkwst@google.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Yan Zhu <yzhu@yahoo-inc.com>, Crispin Cowan <crispin@microsoft.com>, Brian Smith <brian@briansmith.org>
- Message-ID: <CAEnTvdDSuuReYtgoaw00VcGmcrJ++REeGBn_--Jrmaa7A=YHjA@mail.gmail.com>
On Wed, Feb 18, 2015 at 8:03 AM, Mike West <mkwst@google.com> wrote: > On Wed, Feb 18, 2015 at 4:49 PM, Mark Watson <watsonm@netflix.com> wrote: > >> I'm sorry you feel this is a "bikeshed" >> > > That was supposed to be a joke. :) I thought your concerns were > reasonable, and I think it's worth bringing them back to the group > explicitly. > > >> - the objective is to *avoid* future pointless nebulous discussions of >> the kind "is X 'powerful' ?" in favor of a more concrete "does X require a >> secure context ?". "Secure context" is a term we can own and define >> rigorously, "powerful" is not. >> > > I think you underestimate the ability of people to argue about terms. :) > "Secure" is certainly something that folks can and will debate. See, for > instance, the long, long threads discussing opportunistic encryption. Is > that secure? I certainly have an opinion, and I know completely reasonable > folks who completely disagree with me. > Those are at least technical debates about the specific technical issue at hand (security). I think the debate about whether a feature requires a secure context should be exactly like that: a feature should get into the "requires secure context" category because it has specific properties that justify that, not just because it is an awesome - or powerful - feature in a more general sense. > > >> You could reasonably drop the qualifier "sufficiently" on the grounds >> that we don't generally bother writing specs for things that are >> "insufficient" and you could name the section "Features requiring secure >> contexts". >> > > I think at some point we need to accept that we're defining a term. If > it's the case that defining "sufficiently secure" is as likely to cause > debate as defining "powerful feature", then let's leave things as they are, > because "POWER" is a totally radical name for a spec. > I was just suggesting even simpler terms, since you expressed concern about verbosity. …Mark > > -- > Mike West <mkwst@google.com>, @mikewest > > Google Germany GmbH, Dienerstrasse 12, 80331 München, > Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der > Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth > Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) >
Received on Wednesday, 18 February 2015 16:13:12 UTC