- From: <michael.mccormick@wellsfargo.com>
- Date: Mon, 19 Nov 2007 13:52:05 -0600
- To: <johnath@mozilla.com>
- Cc: <public-wsc-wg@w3.org>
- Message-ID: <9D471E876696BE4DA103E939AE64164D7CD388@msgswbmnmsp17.wellsfargo.com>
Hi Johnathan, No slight intended. But just as a matter of principle I don't believe "browser manufacturer adoption likelihood" should be a litmus test for W3C recommendations (either browser manufacturers who participate in WSC or others). Criteria 2 should therefore be reworded or withdrawn imho. I recognize a distinction between "it won't work" versus "people won't like it". I would certainly agree nothing in the former category should make it into wsc-xit. The latter category is the one I worry about. There are certain browser manufacturers (present company excluded) where it seems convenience, performance, or time-to-market frequently trumps security considerations. Even at a place like Mozilla where you don't have shareholders to answer to, I would imagine security versus convenience/speed trade-offs are difficult for you as they are for the rest of us. Rather than view WSC as "calling browsers to heel", I view it as extra ammunition for the pro-security faction to use in those internal debates. Cheers Mike _____ From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Johnathan Nightingale Sent: Wednesday, November 14, 2007 5:03 PM To: W3C WSC Public Subject: Re: ISSUE-117 (serge): Eliminating Faulty Recommendations [All] On 12-Nov-07, at 3:46 PM, <michael.mccormick@wellsfargo.com> <michael.mccormick@wellsfargo.com> wrote: Criteria 2, at least as phrased below, concerns me. I don't feel WSC should be constrained from making a recommendation just because a particular community may resist adopting it. Our guidance on favicons is a case in point. I'm skeptical browsers will adopt that recommendation any time soon but it's still the right thing to do. If browser manufacturers could always be counted on to do the right things for security on their own, then initiatives like WSC would be less necessary. Criteria 2 could also reinforce a perception among some skeptics that W3C is beholden to certain web technology vendors and gives their needs priority over those of other industries or the broader user community. Parenthetical: I'm not sure if there's an implied slight in there or not -- are we browser vendors assumed to be deliberately not doing the right things for security on our own? Is there some other interest we are supposed to be serving than the well-being of our users? I can't speak for others, but I don't have any shareholders pulling my strings here. The WSC has positive, constructive reasons for existing that don't trace themselves to "calling browsers to heel." I'm absolutely not sold on the idea that dropping favicons is the right thing to do, but without meaning to diverge from issue-117, I would agree that we shouldn't elevate any members of the working group as being more influential than others. I would also argue that recommendations for which we pat ourselves on the back, but which don't see any implementation anywhere, are mostly a waste of our time though. Whether it's content authors, browser authors, crypto researchers, or some other group, I would hope that "this won't work" would be a topic of significant consideration and concern to our group. Cheers, Johnathan --- Johnathan Nightingale Human Shield johnath@mozilla.com
Received on Monday, 19 November 2007 19:52:45 UTC