RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests]

I think the 'he said she said' continues and looking at your past history I don’t think this will abate...

About the feedback, no, I think more than just specific feedback on the draft is required. Chris has talked about security principles being important. Given your dismissal of anything less than those specifics (I understand how specifics can be a ‘quick fix’ and easier to rationalize) I feel it appropriate to start with what we think are secure principles for x-domain and then move on to specifics. If we’ve lost you in the principles, I expect our specifics to be dismissed.  (Btw, I request you re-consider the tone of your interactions with us. I’ve noticed defensiveness, dismisiveness, combativeness and polemic for anything you don’t want to hear and it makes things very difficult.)

In that eloquently written mail that you write that talks about US Elections and also throws in your take (Your tone sounds regal) on what MSFT needs to do to improve what you (or Google?) think is our reputation, I somewhere make the takeaway that you're asking for timely feedback.

Point noted, we’ve made mistakes, will continue to make them as we increase our scale of participation (especially in complex areas like access controls where our views dont align) and will try to learn from our mistakes. Now please stop talking about history (the time period you talk about I was in junior school) and how we’re big and bad and let us move forward????



________________________________________
From: Ian Hickson [ian@hixie.ch]
Sent: Sunday, June 15, 2008 8:11 PM
To: Sunava Dutta
Cc: Marc Silbey; www-archive@w3.org; Eric Lawrence; Chris Wilson; David Ross; Mark Shlimovich (SWI); Doug Stamper; Zhenbin Xu
Subject: RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests]

On Sun, 15 Jun 2008, Sunava Dutta wrote:
>
> As you yourself have said, minutes for telecons and F2F's are poor. I
> did not commit to mid to late November. I said in TPAC I wold try to
> give security feedback 6 weeks to 2 months after the event.

Sunava, I was there. You said three weeks (after we asked for one week,
and you originally replied maybe two, and then extended that to three).
One week is more than enough time to collect and send feedback which you
had said already existed, in any case.

I should point out that we didn't ask for a whitepaper, we asked for
feedback on the draft. A simple e-mail (like the one I just sent giving
your feedback in plain text form) would have sufficed.

It is maybe worth noting that in the time since you said Microsoft had
comments on the spec, and the time you finally sent those comments to the
list, the US held an entire cycle of presidential primaries (and a long
one at that -- one pundit termed it "the long flat seemingly endless
bataan death march to the Whitehouse"). If this was an isolated incident,
one might be more willing to give Microsoft the benefit of the doubt, but
it is just one more example in a long history of such behaviour that
started long before I got involved in the standards world in the late 90s.
If Microsoft want to improve their reputation, they should go above and
beyond being good citizens, not continue this long trend of half-hearted
participation.

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Monday, 16 June 2008 05:28:38 UTC