Archive for March 12th, 2008

Quick Follow Up to XDomainRequest

Posted by: Joshbw in Browser/Web Security

In the past post I ended up having a discussion with the Opera developer I linked to. Obviously Opera has some bad blood with MS, but if his complaints are true (namely that MS has been mum about deviations it was planning, despite chairing the HTML 5 WG) I do think he is justified. I don’t think standards bodies are great at considering security; ultimately most of them tend towards a democratic discussion process, which is a nice way of saying the majority get their way. Security tends to be the minority voice in the tech industry in general, and it seems this holds true among voting members of standards bodies as well, so it follows that as the minority voice it will often be overlooked.

That said, MS has a great deal of influence, being the predominant browser manufacturer as well as the chair of that particular WG. I feel they have the responsibility to disclose when they are going to deviate from the spec for security reasons and clearly articulate their rationale, as they could have huge influence either changing the standard, or getting the other browser manufacturers to follow suit despite the standard.

As an aside, when I get a spare moment this week I’m hoping to get involved in a couple of discussions with the WG about concerns I have. I can’t really complain about security concerns when the WG has an open discussion list for the public to voice issues.

~ Joshbw