W3C home > Mailing lists > Public > www-tag@w3.org > March 2015

Re: Google warns of unauthorized TLS certificates trusted by almost all OSes

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 25 Mar 2015 14:05:05 +0100
Message-ID: <CAKaEYhLSVSz_6y=g31rUn9B=X=6dBEcFuMbw-YcFNBo+w9TvhQ@mail.gmail.com>
To: Marc Fawzi <marc.fawzi@gmail.com>
Cc: TAG List <www-tag@w3.org>
On 25 March 2015 at 13:25, Marc Fawzi <marc.fawzi@gmail.com> wrote:

> I don't think it's lack of English skillz on my part (couldn't care less)
> as much as it is my opinion how I'm delivering it.
>
> Remember style and context are not separate things except in the mind of
> those who can't sense the brewing risk to our survival and well being as a
> society. If the house is on fire, I'm not going to say that in an
> intellectual manner, e.g.: There seems to be a sudden rise in temperature
> within that housing structure. I'm going to say something like: the damn
> house is on fire! get out while you can! But if somebody discovers a
> solution to an obscure problem in theoretical physics, you can bet that
> I'll opine on it intellectually.
>
> But I can't stand by, pontificating and arguing from a purely intellectual
> place, while the Web architects itself out of relevance, long term, by
> adopting shoot-me-in-the-foot ideas, and while so many terrible decisions
> are being made.
>
> I mean, like you Eric, I could say that i no longer care about the Web and
> the real innovation will always win over lameness.
>
> What English skills?
>

Marc, as an independent web developer, unaffiliated with the TAG, that
follows this list, I like to hear diverse view points, even if those view
points are sometimes strongly articulated.

Lots of hyperbole and questioning motives (while sometimes appropriate),
does come across as a rant and not as courteous as it could be, and this is
coming from someone sympathetic to counter arguments.

I dont think Dan's guidelines were inflammatory, just common sense, if you
have suggestions fork them.  Mnot saying the audience of his work was not
primary for "web developers" I found slightly perplexing and questioned it,
as the tag has tried to reach out to the development community in the
past.  But generally I think people are just trying to stay focussed and on
topic.

But remember this is a technical discussion list.  If you think a
particular decision is bad, say what that decision is, how you'd improve
it, without so much of the generalizations.  Try and stick to what you do
best which is primarily talking about technical aspects (with some
commentary).

Lastly, you may recall the web itself was inspired by a victorian book on
etiquette called "enquire within about everything".  Let's try take that
spirit into discussions about the web.


>
>
>
>
>
>
>
>
> On Tue, Mar 24, 2015 at 9:21 PM, Eric J. Bowman <eric@bisonsystems.net>
> wrote:
>
>> Tim Bray wrote:
>> >
>> > What Daniel said.  Also, see
>> > https://www.tbray.org/ongoing/When/201x/2014/07/28/Privacy-Economics
>> >
>>
>> "There are people out there who want more: They’re not sure HTTPS is
>> good enough (it is)."
>>
>> Is it? For example, how does TLS overcome violations of the
>> Identification of Resources REST constraint?
>>
>> https://www.google.com/search?q=healthcare.gov+privacy+breach
>>
>> That issue is why I chafe every time someone says HTTPS is in my best
>> interests in terms of privacy. I simply know better, as a long-time
>> REST advocate, that this sort of implementation is the rule -- not the
>> rare RESTful exception.
>>
>> No amount of slapping encryption on this problem in the name of privacy,
>> does anything for user privacy. The risk in advocating ubiquitous HTTPS
>> is it deceives end-users into believing their data is private. When "we"
>> should know better, because architecture, where putting confidential
>> information into URLs has long been the norm.
>>
>> I don't see how HTTPS helps. But I'd love the argument to be framed as,
>> is this still better than nothing? And honestly discussed. Perhaps on
>> Twitter, if TAG just doesn't want to discuss this on www-tag, for
>> whatever reason (convenience springs to mind).
>>
>> Advocate the Identification of Resources constraint, first. Because
>> that at least would get us to a starting point, to talk about using
>> HTTPS for privacy. But, with the bulk of the Web putting confidential
>> data in URLs, it seems foolish to me to ignore that and say "just use
>> HTTPS and you'll magically have privacy". Despite any TLS shortcomings.
>>
>> Insane.
>>
>> Or just change the rules, in an effort to make me go away for bringing
>> up inconvenient, yet perfectly relevant, arguments. Or just don't
>> engage, or call me ignorant, or whatever, then you can just dismiss my
>> position when y'all get upset that I just won't let it drop, by
>> changing the listmail rules because I do get a little upset when not
>> taken seriously by my peers.
>>
>> My experience here, recently, reminds me of that guy in Florida who
>> dared to say "climate change" and got sacked pending psychological
>> evaluation. Maybe I need just that, to continue posting here; because
>> my position is so much at odds with TAG's that I must, by definition,
>> be crazy.
>>
>> Or at least that's the perception some of us have of the new rules for
>> the www-tag list.
>>
>> -Eric
>>
>
>
Received on Wednesday, 25 March 2015 13:05:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:10 UTC