Re: Google warns of unauthorized TLS certificates trusted by almost all OSes

From: Marc Fawzi <marc.fawzi@gmail.com>
Date: Wed, 25 Mar 2015 18:07:13 -0700
Message-ID: <CACioZitBGZ-KJaCGJPdamLnWT6K5209X_vbLa-BXiYiwX7fNqQ@mail.gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: TAG List <www-tag@w3.org>

Seriously?

On Wed, Mar 25, 2015 at 6:05 AM, Melvin Carvalho <melvincarvalho@gmail.com>
wrote:

>
>
> On 25 March 2015 at 13:25, Marc Fawzi <marc.fawzi@gmail.com> wrote:
>
>> I don't think it's lack of English skillz on my part (couldn't care less)
>> as much as it is my opinion how I'm delivering it.
>>
>> Remember style and context are not separate things except in the mind of
>> those who can't sense the brewing risk to our survival and well being as a
>> society. If the house is on fire, I'm not going to say that in an
>> intellectual manner, e.g.: There seems to be a sudden rise in temperature
>> within that housing structure. I'm going to say something like: the damn
>> house is on fire! get out while you can! But if somebody discovers a
>> solution to an obscure problem in theoretical physics, you can bet that
>> I'll opine on it intellectually.
>>
>> But I can't stand by, pontificating and arguing from a purely
>> intellectual place, while the Web architects itself out of relevance, long
>> term, by adopting shoot-me-in-the-foot ideas, and while so many terrible
>> decisions are being made.
>>
>> I mean, like you Eric, I could say that I no longer care about the Web
>> and the real innovation will always win over lameness.
>>
>> What English skills?
>>
>
> Marc, as an independent web developer, unaffiliated with the TAG, that
> follows this list, I like to hear diverse view points, even if those view
> points are sometimes strongly articulated.
>
> Lots of hyperbole and questioning motives (while sometimes appropriate),
> does come across as a rant and not as courteous as it could be, and this is
> coming from someone sympathetic to counter arguments.
>
> I don't think Dan's guidelines were inflammatory, just common sense, if you
> have suggestions fork them.  Mnot saying the audience of his work was not
> primary for "web developers" I found slightly perplexing and questioned it,
> as the tag has tried to reach out to the development community in the
> past.  But generally I think people are just trying to stay focussed and on
> topic.
>
> But remember this is a technical discussion list.  If you think a
> particular decision is bad, say what that decision is, how you'd improve
> it, without so much of the generalizations.  Try and stick to what you do
> best which is primarily talking about technical aspects (with some
> commentary).
>
> Lastly, you may recall the web itself was inspired by a Victorian book on
> etiquette called "enquire within about everything".  Let's try to take that
> spirit into discussions about the web.
>
>
>>
>> On Tue, Mar 24, 2015 at 9:21 PM, Eric J. Bowman <eric@bisonsystems.net>
>> wrote:
>>
>>> Tim Bray wrote:
>>> >
>>> > What Daniel said.  Also, see
>>> > https://www.tbray.org/ongoing/When/201x/2014/07/28/Privacy-Economics
>>> >
>>>
>>> "There are people out there who want more: They’re not sure HTTPS is
>>> good enough (it is)."
>>>
>>> Is it? For example, how does TLS overcome violations of the
>>> Identification of Resources REST constraint?
>>>
>>> https://www.google.com/search?q=healthcare.gov+privacy+breach
>>>
>>> That issue is why I chafe every time someone says HTTPS is in my best
>>> interests in terms of privacy. I simply know better, as a long-time
>>> REST advocate, that this sort of implementation is the rule -- not the
>>> rare RESTful exception.
>>>
>>> No amount of slapping encryption on this problem in the name of privacy,
>>> does anything for user privacy. The risk in advocating ubiquitous HTTPS
>>> is it deceives end-users into believing their data is private. When "we"
>>> should know better, because architecture, where putting confidential
>>> information into URLs has long been the norm.
>>>
>>> I don't see how HTTPS helps. But I'd love the argument to be framed as,
>>> is this still better than nothing? And honestly discussed. Perhaps on
>>> Twitter, if TAG just doesn't want to discuss this on www-tag, for
>>> whatever reason (convenience springs to mind).
>>>
>>> Advocate the Identification of Resources constraint, first. Because
>>> that at least would get us to a starting point, to talk about using
>>> HTTPS for privacy. But, with the bulk of the Web putting confidential
>>> data in URLs, it seems foolish to me to ignore that and say "just use
>>> HTTPS and you'll magically have privacy". Despite any TLS shortcomings.
>>>
>>> Insane.
>>>
>>> Or just change the rules, in an effort to make me go away for bringing
>>> up inconvenient, yet perfectly relevant, arguments. Or just don't
>>> engage, or call me ignorant, or whatever, then you can just dismiss my
>>> position when y'all get upset that I just won't let it drop, by
>>> changing the listmail rules because I do get a little upset when not
>>> taken seriously by my peers.
>>>
>>> My experience here, recently, reminds me of that guy in Florida who
>>> dared to say "climate change" and got sacked pending psychological
>>> evaluation. Maybe I need just that, to continue posting here; because
>>> my position is so much at odds with TAG's that I must, by definition,
>>> be crazy.
>>>
>>> Or at least that's the perception some of us have of the new rules for
>>> the www-tag list.
>>>
>>> -Eric
>>>
>>
>>
>
Received on Thursday, 26 March 2015 01:08:22 UTC
