I don't think that there was any misunderstanding in what it is that
is being proposed, just disagreement about cost-benefit.

On Mon, Mar 14, 2016 at 8:02 PM, Mike West <mk...@google.com> wrote:
> Websites use passwords today. While I agree that we can and should be
> working on something better, I don't think that we should overlook small
> improvements in the status quo. We can give users a better experience on
> their favourite sites if we allow developers to bypass status quo
> heuristics, and we keep users safer if we mitigate some of the XSS risks of
> password managers today. I think this API does both, and is worth
> experimenting with to see if it's a framework we can build upon.

Maybe it's a value thing, I don't see that gold-plating this
experience is going to make a difference commensurate with the cost.
The fetch API changes are the core of the purported benefit, and that
turns out to be a non-trivial thing, with the added cost of indefinite
support for a feature we don't really want in support of a mechanism
that isn't that great.

The actual benefit is something that is only realized once a site puts
in the effort required.  That is small, yes, but we're seeing sites
actively avoid password managers, hence the aggressive heuristics, and
rAC is much more likely to work for that, since it's implemented and
deployed already.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
