On Tue, Jan 19, 2016 at 9:38 PM, Ryan Sleevi <[email protected]> wrote:

> On Tue, January 19, 2016 5:38 pm, Eric Mill wrote:
> >  If your experience with MD5 supports the notion that removing support for
> >  it in the enterprise hurt user security in some other way, such as causing
> >  enterprises to lock their users to older versions of Chrome for a long
> >  period of time, please give more qualitative or quantitative detail to
> >  support that. Otherwise, I have to assume a more traditional and typical
> >  competitive dynamic that doesn't generally work in the public's interest.
>
> While I sent a more comprehensive reply off-list explaining why I have
> trouble with your arguments, I don't believe I can in good-faith continue
> this conversation with you, Eric.
>
> I appreciate your curiosity and enthusiasm, but I don't believe your
> questions are at all relevant to this discussion, nor do I appreciate the
> implication that my participation is an attempt to gain competitive
> advantage - simply because I don't want to see users switch to Firefox or
> another browser.
>

That was a wholly unintentional implication -- I did not mean to say that
you personally were arguing in bad faith, or were seeking competitive
advantage. In fact, you're one of the last people I would ever accuse of
bad faith, since your level of personal and direct honesty is maybe the
highest in the entire community.

However, I can see how my comments would be taken that way, which is my
fault, and I apologize to you for that, and for potentially lowering the
level of discourse on the thread.

Avoiding losing users is a legitimate product interest, not intrinsically
bad, and I didn't think the idea that browsers considered this interest
would be a controversial one. Again, my fault for addressing that poorly.


> I've suggested several paths that Richard and the Firefox team may
> consider, as compromises that allow Firefox to ensure secure
> communications for users, while allowing enterprises the necessary relief
> valves for their (longer) timelines and unique challenges. I can
> appreciate that you don't see the utility in the relief valve, but there's
> ample evidence (and your own experience should tell you) that such things
> would and are necessary. They are paths being pursued by the Chrome team,
> and, based on the evidence and historical precedence, believed to be the
> Microsoft strategy as well.
>

I believe in the utility of that relief valve -- my only disagreement has
been whether it was early enough to know whether that relief valve was
needed in this particular case. Your position is clear, and even though I
don't think it's futile to consider making choices other than Chrome's or
Microsoft's on this issue, I appreciate the details and rationale you've
provided, and hope others continue discussing it.

-- Eric


-- 
konklone.com | @konklone <https://twitter.com/konklone>
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
