- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Wed, 23 Sep 2015 12:04:05 -0400
- To: Harry Halpin <hhalpin@w3.org>, Anders Rundgren <anders.rundgren.net@gmail.com>, Alex Russell <slightlyoff@google.com>
- CC: public-web-security@w3.org, Tony Arcieri <bascule@gmail.com>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Rigo Wenning <rigo@w3.org>
On 09/23/2015 09:57 AM, Harry Halpin wrote:
> On 09/23/2015 03:42 AM, Anders Rundgren wrote:
>> In my opinion the #1 problem with this discussion is that when you
>> mention things that doesn't match the SOP vision like the fact that
>> Android-, Apple-, and Samsung-Pay doesn't work on the Web, dead
>> silence is all you get.
>
> Since the same origin policy is the primary meaningful security boundary
> on the Web, I expect for most people interested in security and privacy
> that emails that dismiss SOP are generally put in the spam folder.
>
> I do understand some people are interested in creating, for example,
> 'unique identifier' across all websites such as in the form of a X.509
> certificate. These sort of totalitarian identity scheme...

"dismissing"? "totalitarian"? These words have meanings that don't seem to line up with their usage here, but their connotations do yield negative visceral reactions. Is the goal discord or understanding?

I've really only been following this thread from the sidelines, but who has dismissed SOP? Who has shown interest in creating a 'unique identifier' across all websites? Are you referencing a different discussion? I have seen more subtle arguments put forth than what you suggest. Even advocates of using an email address from a super provider as a 'unique identifier' don't suggest it be done across *all* websites.

It is considered good practice to avoid setting up strawmen arguments or those that can't be differentiated from such because of a lack of context. Strawmen are easy to create and fun to knock down, but they don't advance a discussion in any substantive way. You can't demonstrate that an argument is lacking in substance by attacking a different argument.

It's also recommended that we be fairly slow in convincing ourselves that we have a good grasp on the measure of what other people understand. Miscommunication is commonplace on the Internet. It takes a while to gather enough information to really understand what another person is thinking. If you don't have that time, that's fine, don't engage. I'm on board with that aspect of your argument.

However, I would consider it a mistake to dismiss (proper usage) your email on the basis that you had some basic semantic and grammatical errors. A few mistakes, trivial or otherwise, are not sufficient information for one to judge the totality of another's understanding of a subject. Telling someone who makes a mistake that they have to come back after they've completed a task that cannot possibly eliminate all mistakes is just a different way of expressing the halting problem.

--
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com
Received on Wednesday, 23 September 2015 16:04:34 UTC