Re: Google warns of unauthorized TLS certificates trusted by almost all OSes

Daniel Appelquist wrote:
> Excuse me?
> Marc – can you please refrain from making alarmist, nonsensical
> flame-baiting comments like this on our mailing list? Probably this
> sort of thing would be more sensibly expressed on Twitter or similar?

I don't know Marc and I apologize if I'm wrong in suspecting that
English isn't his first language. But there are plenty of developers
out here who really take exception to the direction of the Web. I don't
find their input to be nonsensical. If there's an aspect of alarmism or
flame-baiting to his (and, indeed, my own) comments on this list, I
believe it results from a lack of positive engagement by the TAG.

The sort of thing which leads me to sarcastically say, kudos to the TAG
for changing the mail-list rules so TAG members don't have to be
bothered by any input that doesn't amount to confirmation of their own
biases. That would be disruptive! Really disappointed in TAG's response
that this isn't a problem on TAG's end, even partially. Just keep
blaming the developers who attempt to post disagreement here, as being
the problem, 'cuz of course it's a one-way street. </sarcasm>

Don't even get me started on scoping TAG findings to w3c members-only.
What a cop-out. Ban me for being disruptive by saying so, whatevs. I
could care less any more (and that, in and of itself, is exhibit A for
my problems with the TAG in recent years -- input from the trenches
used to be welcomed, here).

I try not to treat every TLS failure as confirmation of my position,
but ya gotta admit, they do seem to pop up every week. So I don't think
I'm insane, or disruptive (although I can be, and I apologize for it),
to suggest "broken beyond repair." Can we have a rational debate here,
on this notion? Seems like the right place.

What seems nonsensical to me, is to go so far as to change the rules
for this list, because the current TAG doesn't want to be bothered by
this sort of input. IMHO, engagement with an open mind by TAG members
would result in less-flamey posts to this list. As opposed to
deflection, i.e. go post on Twitter, etc.

Otherwise TAG winds up inside the same bubble as the CA's and browser
vendors. My disillusionment (and even some acting out resulting from it)
results from efforts to impose a new architecture on the Web, *not*
being considered in this forum. TAG preferring instead, to tell people
to go away, backed up by some new rules, if they don't like it.

Because it's all our fault, the developers out here in the trenches,
not TAG's. Seriously, do y'all not see how this can result in counter-
productive "flame on" threads when our input is treated derisively and
dismissed as irrelevant, by calling it disruptive/alarmist/nonsensical/

Because when you get down to it, regardless of his English skills, Marc
has a point.


Received on Wednesday, 25 March 2015 03:50:41 UTC