> On Oct 8, 2019, at 12:44 PM, Ryan Sleevi <r...@sleevi.com> wrote: > > Paul,
[snip] > It does not seem you're interested in finding solutions for the issues, [PW] You are mixing things up Ryan. I am interested in finding solution to issues. I specifically kept my message on point, which was your tone and approach to communication - this is equally important to the content you put forward. My point was made and you obviously didn’t receive it well - I’m ok with that. Most people don’t respond well to criticism. I will only contribute proposed solutions for issues where I posses deep domain expertise - moderating and chairing standards and best practices is one area, hence my contribution. > and you've continued to shift your message, so perhaps it might be better to > continue that discussion elsewhere? [PW] In my opinion, this is the right place. You don’t get to dictate where and when. The alternative would be to walk into a broom cupboard and scream at the wall. I won’t comment on this matter any further as I think we’ve labored the subject and I don’t want to take up people’s time any further. - Paul > > Thanks. > > On Tue, Oct 8, 2019 at 3:21 PM Paul Walsh <p...@metacert.com > <mailto:p...@metacert.com>> wrote: > Ryan, > > You just proved me right by saying I’m confused because I hold an opinion > about how you conduct yourself when collaborating with industry stakeholders. > My observations are the same across the board. I don’t think I’m confused. > But you’re welcome to disagree with me. And, it’s not off-topic. We should be > respectful when communicating in forums like this. I think your communication > is sometimes disrespectful. > > You also tell people they are confused about bylaws and other documents when > they’re in disagreement with you. It’s possible for someone to fully > understand and appreciate specific guidelines and disagree with you at the > same time. > > I’ve contributed to many W3C specifications over the years - I co-founded > two, including the Mobile Web Initiative. I was also Chair of BIMA.co.uk > <http://bima.co.uk/> for three years. My point is this, when contributing to > industry initiatives, I learned that there will always be instances where > individuals need to be reminded to show respect to others when communicating > differences of opinion - especially when there is a strong chance of culture > differences. I don’t mind being reminded from time to time. Nobody is perfect. > > You can take this feedback, or leave it. Your call. > > - Paul > > > > >> On Oct 8, 2019, at 12:09 PM, Ryan Sleevi <r...@sleevi.com >> <mailto:r...@sleevi.com>> wrote: >> >> >> >> On Tue, Oct 8, 2019 at 2:44 PM Paul Walsh <p...@metacert.com >> <mailto:p...@metacert.com>> wrote: >> Dear Ryan, >> >> It would help a great deal, if you tone down your constant insults towards >> the entire CA world. Questioning whether you should trust any CA is a bridge >> too far. >> >> Instead, why don’t you try to focus on specific issues with specific CAs, or >> specific issues with most CAs. I don’t think you have a specific issue with >> every CA in the world. >> >> If specific CAs fail to do what you think is appropriate for browser >> vendors, perhaps you need to implement new, or improve existing audits? >> Propose solutions, implement checks and execute better reviews. Then iterate >> until everyone gets it right. >> >> Paul, >> >> I appreciate your response, even if I believe it's largely off-topic, deeply >> confused, and personally insulting. >> >> This thread is acknowledging there are systemic issues, that it's not with >> specific CAs, and that the solutions being put forward aren't working, and >> so we need better solutions. It's also being willing to acknowledge that if >> we can't find systemic fixes, it may be that we have a broken system, and we >> should not be afraid of looking to improve or replace the system. >> >> Perhaps you (incorrectly) read "CAs" to mean "Every CA in the world", when >> it's just a plurality of "more than one CA". That's a bias on the reader's >> part, and suggesting that every plurality be accompanied by a qualified >> ("Some", "most") is just tone policing rather than engaging on substance. >> >> That said, it's entirely inappropriate to chastise me for highlighting >> issues of non-compliance, and attempt to identify the systemic issue >> underneath it. It's also entirely inappropriate to insist that I personally >> solve the issue, especially when significant effort has been expended to do >> address these issues so far, which continue to fail without much explanation >> as to why they're failing. Suggesting that we should accept regular failures >> and just deal with it, unfortunately, has no place in reasonable or rational >> conversation about how to improve things. That's because such a position is >> not interested in finding solutions, or improving, but in accepting the >> status quo. >> >> If you have suggestions on why these systemic issues are still happening, >> despite years of effort to improve them, I welcome them. However, there's no >> place for reasonable discussion if you don't believe we should have open and >> frank conversations about issues, about the misaligned incentives, or about >> how existing efforts to prevent these incidents by Browsers are falling flat. > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
