Re: ISSUE-117 (serge): Eliminating Faulty Recommendations [All] from Johnathan Nightingale on 2007-11-14 (public-wsc-wg@w3.org from November 2007)

From: Johnathan Nightingale <johnath@mozilla.com>
Date: Wed, 14 Nov 2007 18:03:07 -0500
To: W3C WSC Public <public-wsc-wg@w3.org>
Message-Id: <72CDD3D7-20FA-4670-92A8-349F2737CB07@mozilla.com>

On 12-Nov-07, at 3:46 PM, <michael.mccormick@wellsfargo.com>  
<michael.mccormick@wellsfargo.com> wrote:
> Criteria 2, at least as phrased below, concerns me.  I don't feel  
> WSC should be constrained from making a recommendation just because  
> a particular community may resist adopting it.  Our guidance on  
> favicons is a case in point.  I'm skeptical browsers will adopt  
> that recommendation any time soon but it's still the right thing to  
> do.  If browser manufacturers could always be counted on to do the  
> right things for security on their own, then initiatives like WSC  
> would be less necessary.  Criteria 2 could also reinforce a  
> perception among some skeptics that W3C is beholden to certain web  
> technology vendors and gives their needs priority over those of  
> other industries or the broader user community.

Parenthetical: I'm not sure if there's an implied slight in there or  
not -- are we browser vendors assumed to be deliberately not doing  
the right things for security on our own?  Is there some other  
interest we are supposed to be serving than the well-being of our  
users?  I can't speak for others, but I don't have any shareholders  
pulling my strings here.  The WSC has positive, constructive reasons  
for existing that don't trace themselves to "calling browsers to heel."

I'm absolutely not sold on the idea that dropping favicons is the  
right thing to do, but without meaning to diverge from issue-117, I  
would agree that we shouldn't elevate any members of the working  
group as being more influential than others.  I would also argue that  
recommendations for which we pat ourselves on the back, but which  
don't see any implementation anywhere, are mostly a waste of our time  
though.  Whether it's content authors, browser authors, crypto  
researchers, or some other group, I would hope that "this won't work"  
would be a topic of significant consideration and concern to our group.

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com

Received on Wednesday, 14 November 2007 23:03:34 UTC