On Fri, Nov 7, 2008 at 2:29 PM, Ralph Giles <span dir="ltr">&lt;<a href="mailto:giles@xiph.org">giles@xiph.org</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Trying again: this discussion, to the extent that many of us here are<br>
objecting to the cross-site controls as you've described them, is<br>
about the tradeoff between security and ease of use. I think you've<br>
weighed security too heavily, and am trying to understand why our<br>
conclusions are different.</blockquote><div><br>It could simply be because most of the usability burden falls on you and most of the security burden falls on us.<br><br>Well, the latter isn't really true; Web developers are paying hugely for the cross-domain fiasco too. And would be paying more except that XSS and similar issues are so often swept under the rug.<br>
</div></div><br clear="all">Rob<br>-- <br>"He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6]<br>