RE: ISSUE-28: \"available security information\" from Close, Tyler J. on 2007-04-10 (public-wsc-wg@w3.org from April 2007)

From: Close, Tyler J. <tyler.close@hp.com>
Date: Tue, 10 Apr 2007 18:41:18 -0000
To: "Web Security Context WG" <public-wsc-wg@w3.org>
Message-ID: <08CA2245AFCF444DB3AC415E47CC40AF9A3618@G3W0072.americas.hpqcorp.net>

I think having an exhaustive list of all the information sources we can
use when creating recommendations is valuable to ensure we're not
neglecting a valuable source of information. In drafting the intro to
this section, I purposely used the word "exhaustive" so as to draw a big
fat target on my back. If there's something important that's not covered
by this list we want to know about it and add it to the list if it is
in-scope. I think it is a mistake to weasel word around "exhaustive" as
that might discourage people from pointing out the discrepancies that we
really want them to point out.
 
Thomas' ISSUE-28 picks at the word "exhaustive" without pointing out
even a single omission. I guess we need a word even more provocative
than "exhaustive", in order to get the feedback we need. ;)
 
Tyler


________________________________

	From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Johnathan Nightingale
	Sent: Monday, April 09, 2007 3:52 PM
	To: Timothy Hahn
	Cc: Web Security Context WG
	Subject: Re: ISSUE-28: \"available security information\"
	
	
	Echoing comments I've made on the calls, I am also a fan of this
section.  Not only does it document the context in which recommendations
were generated (Mez's point) but it is also a reasonably useful list to
which to refer; at least for me.  I'm fine with changing the language
though, so that we don't claim to be something we're not. 

	Cheers,

	J

	
	---
	Johnathan Nightingale
	Human Shield
	johnath@mozilla.com



	On 9-Apr-07, at 8:22 AM, Timothy Hahn wrote:



		+1 on keeping the section. 
		
		I think we could come up with a better adjective than
"exhaustive".  Perhaps "well known" or "known" would be sufficiently
precise for now. 
		
		Regards, 
		Tim Hahn
		IBM Distinguished Engineer
		
		Internet: hahnt@us.ibm.com
		Internal: Timothy Hahn/Durham/IBM@IBMUS
		phone: 919.224.1565     tie-line: 8/687.1565
		fax: 919.224.2530
		
		
		
		
"Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com> 
Sent by: public-wsc-wg-request@w3.org 

04/09/07 10:26 AM 

To
Web Security Context WG <public-wsc-wg@w3.org> 	
cc
	
Subject
Re: ISSUE-28: \"available security information\"	

		




		
		> However, in its current state, I'm inclined to
consider this section neither
		> "exhaustive" (as the text claims it is), nor
particularly useful.
		
		I disagree on the utility. 
		
		It's good to see an overview of the available security
information that we've identified. Readers don't need to ask "have you
thought about using x?", since they can just check the list. And it has
useful references as well. 
		
		I would argue against removing it, even in its current
form. 
		
		       Mez

Received on Tuesday, 10 April 2007 18:42:12 UTC