Re: Restrict loopback address to Secure Contexts?

On Wed, Sep 28, 2016 at 12:18 AM, Crispin Cowan <crispin@microsoft.com> wrote:
> On the perfect being the enemy of the good: you are quite right, I am
> describing an idealized world. I thought that’s what Standards are for, and
> we then work towards them? Conversely, it seems like it would be bad to
> standardize on “good enough for now” and then need to change it.

We standardize what ships or we estimate we can ship within a short
amount of time. It's not at all as aspirational as you make it out
to be. E.g., in some idealized world I might have wished there would
be no need to have written https://encoding.spec.whatwg.org/ but the
fact is that there's more than UTF-8 in use. Ignoring that leads to
issues for users and is also anti-competitive to some extent as it
hinders new browsers from entering the market.


> Edge can’t do an effective job of CORS Preflight right now due to
> architectural issues which we hope to address in the future. Meanwhile we
> keep Edge users safe from loopback attack with a different mitigation that
> is not worthy of floating as a standard.

Why not? If it works and is deployed today...


> What is “happy eyeballs”?

https://en.wikipedia.org/wiki/Happy_Eyeballs


-- 
https://annevankesteren.nl/

Received on Wednesday, 28 September 2016 08:18:11 UTC