W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: BIKESHED: Rename "Powerful features"?

From: Mark Watson <watsonm@netflix.com>
Date: Wed, 18 Feb 2015 08:12:40 -0800
Message-ID: <CAEnTvdDSuuReYtgoaw00VcGmcrJ++REeGBn_--Jrmaa7A=YHjA@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Yan Zhu <yzhu@yahoo-inc.com>, Crispin Cowan <crispin@microsoft.com>, Brian Smith <brian@briansmith.org>
On Wed, Feb 18, 2015 at 8:03 AM, Mike West <mkwst@google.com> wrote:

> On Wed, Feb 18, 2015 at 4:49 PM, Mark Watson <watsonm@netflix.com> wrote:
>> I'm sorry you feel this is a "bikeshed"
> That was supposed to be a joke. :) I thought your concerns were
> reasonable, and I think it's worth bringing them back to the group
> explicitly.
>> - the objective is to *avoid* future pointless nebulous discussions of
>> the kind "is X 'powerful' ?" in favor of a more concrete "does X require a
>> secure context ?". "Secure context" is a term we can own and define
>> rigorously, "powerful" is not.
> I think you underestimate the ability of people to argue about terms. :)
> "Secure" is certainly something that folks can and will debate. See, for
> instance, the long, long threads discussing opportunistic encryption. Is
> that secure? I certainly have an opinion, and I know completely reasonable
> folks who completely disagree with me.

​Those are at least technical debates about the specific technical issue at
hand (security). I think the debate about whether a feature requires a
secure context should be exactly like that: a feature should get into the
"requires secure context" category because it has specific properties that
justify that, not just because it is an awesome - or powerful - feature in
a more general sense.

>> You could reasonably drop the qualifier "sufficiently" on the grounds
>> that we don't generally bother writing specs for things that are
>> "insufficient" and you could name the section "Features requiring secure
>> contexts".
> I think at some point we need to accept that we're defining a term. If
> it's the case that defining "sufficiently secure" is as likely to cause
> debate as defining "powerful feature", then let's leave things as they are,
> because "POWER" is a totally radical name for a spec.

​I was just suggesting even simpler terms, since you expressed concern
about verbosity.


> --
> Mike West <mkwst@google.com>, @mikewest
> Google Germany GmbH, Dienerstrasse 12, 80331 München,
> Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
> Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
> Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 18 February 2015 16:13:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:46 UTC