Subject: Professionalism and Constructive Discussion

Matt,

Your response crosses the line from technical discussion into personal attacks. 
Calling my remark “snide” and implying it reduces my credibility is 
unprofessional. If you disagree, address the technical point rather than 
resorting to condescension.

Additionally, your claim about JavaScript security issues in Merklemap looks 
like trolling. There is no JS-specific security concern related to Merklemap, 
and, ironically, the very forum we’re using requires JavaScript to function.

I’m also not sure what credentials you hold to assess the credibility of 
others, but resorting to such remarks is just childish. Your tone and approach 
in this conversation come across as bullying rather than constructive dialogue. 
Since it doesn’t seem like this discussion will become more productive, I’ll 
leave it here.

Pierre.

On Mon, Feb 17, 2025, at 00:33, Matt Palmer wrote:
> On Sun, Feb 16, 2025 at 06:19:42PM +0100, Pierre Barre wrote:
>> > > * It requires JS to do anything useful.
>>
>> These days, most browsers support JavaScript. You might want to give one a 
>> try! ;-)
>
> Yeah, that's the kind of snide remark that gets you negative credibility
> points.  There are significant security and privacy downsides to
> unfettered JavaScript execution.
>
> Also, you asked for my time to provide you with assistance with your
> commercial endeavour in identifying gaps between your service and crt.sh,
> and one of the primary differences is that crt.sh does not require JS to
> work.
>
>> > * The search box only takes subdomains, not other identifiers I'm
>> >   commonly interested in (like SPKI fingerprints).
>>
>> You can currently do this by modifying the URL directly, for example:
>>
>> https://www.merklemap.com/certificates/ba7924eedf9c95809bc4f46dce070b946560054e1ad7494e210627bfc57b358a
>>
>> Not the best UX, I'll admit.
>
> It's a terrible UX.  Also, hitting that URL redirects to a sign-in page,
> which highlights another *huge* difference to crt.sh: your service
> cannot be used as a means to reference certificates in any public
> discussion or incident report.
>
> - Matt
