On Mon, 2016-04-04 at 07:48 -0700, Ryan Sleevi wrote: > > On Apr 4, 2016 7:15 AM, "David Woodhouse" <dw...@infradead.org> wrote: > > > > Ryan? > > > > Unless you are able to provide an explanation of how this would "break > > Chrome's use of the API", I shall continue to assume that your > > statement was false, and design accordingly. > > > > I certainly can't see how it could have any basis in reality.
> Those sort of statements don't encourage productive discussion - > "You're a liar and I will ignore you and break you if you don't do > what I want, because I don't understand". This will be my last reply, > given that. I would hope in the future you might be more helpful in > tone and tenor. I didn't call you a liar. I simply said that I can't see how the statement you made could be anything but false. There are plenty of reasons that could be the case — including my own ignorance — which don't involve you telling a deliberate untruth. While I thank you for your advice on tone, I had already tried asking you to elaborate, and that had failed. This one elicited a response fairly promptly :) > Chrome has logic to preparse the nickname, which NSS does have an > internal format for, because it can affect how we present and how we > search. In some APIs, you need to prefix the nickname with the token > name, while simultaneously, for our UI needs, we need to filter out > the token name before showing it to the user. None of which is proposed to change. > Introducing the URI code in the existing functions would be breaking > NSS's implicit and explicit API contracts, and would cause us to > display such URIs directly to the user. No. As repeatedly stated, we were *only* talking about allowing functions like PK11_FindCertsFromNickname() to accept a RFC7512 identifier (PKCS#11 URI) in *addition* to the existing NSS nickname form. There is *no* way that such a change could possibly have the effect you describe. Separately, we would also want to add new functions to obtain the RFC7512 identifier for a given object. But obviously those *couldn't* overload the existing functions to get nicknames; that would be silly. > <further hyperbole elided> If I could give my own advice on how to communicate, to reciprocate the favour — I am *actively* trying to find nuggets of anything helpful or correct in your responses, rather than just ignoring you — but I'm finding it hard. Regardless of tone, please try to pay attention to the actual issues, and make sure that you're not arguing against a straw man. In this case, not for the first time, you seem to be arguing against something that wasn't even being proposed. It would help if you would be *specific* about any objections you have, rather than making it take weeks to work out what your misconception is. Otherwise, it just comes across as wilful obstructionism. Like when you spent ages telling me that I didn't understand the Chrome security model, and eventually we managed to work out that you'd ignored the bit in my *first* message where I explicitly acknowledge that we'd want NSS_NoDB_Init() to do the right thing, and you were wrong about that all along too. Thanks. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto