Re: Pervasive encryption: Pro and contra from Mark Nottingham on 2013-11-18 (ietf-http-wg@w3.org from October to December 2013)

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 18 Nov 2013 20:16:54 +1100
To: Henry Story <henry.story@bblfish.net>
Cc: Tim Bray <tbray@textuality.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <6FFFA92E-6B09-48D0-8C26-A9CC54C9C2E4@mnot.net>

Henry,

I�m sure that�s interesting work, but it�s off-topic for this list. 

Thanks,


On 18 Nov 2013, at 8:10 pm, Henry Story <henry.story@bblfish.net> wrote:

> Hi Tim,  hi all. 
> 
>    Since my days at Sun Microsystems working with Tim Bray I have been developing with 
> a loose knit distributed community a set of standards based tools that show how one can
> answer a lot of the negatives put forward here in order to build a more secure web with
> pervasive TLS based encryption. The idea is to use tools and standards that exist off
> the shelf. 
> 
>    The answer is to distribute data to the nodes, so that each person/organisation physically
> controlls its own information on its servers. This requires distributed authentication and
> distributed access control. It requires ease of use. All of that can in fact be achieved in
> my opinion.
> 
>   I can explain this here. But most of you will find something annoying about it.
> Tim will be skeptical because we use RDF. Others will be skeptical because we
> use client side TLS certificiates for identification without using CAs to sign them, 
> ....  I think the pain point makes it worth trying something new.
> 
>   you can check the list of specs we use
>    https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html
> 
>   But of course that won't help that much. You have to see it in action to see it 
> working. 
> 
>    If some of you are in Paris next week we'll be having a Workship at the Mozilla labs
> in Paris to show how that works.
>    https://github.com/stample/wiki/wiki/Weave-the-web-we-want
> 
>   if you can't read the doc, then check out the project README to get an idea 
> of how this works ( with curl: you'll need to imagine it doing the same with JS )
>    https://github.com/stample/rww-play
> 
> Henry
> 
> 
> On 17 Nov 2013, at 02:03, Tim Bray <tbray@textuality.com> wrote:
> 
>> There has been a *whole lot* of traffic on this subject.  It�s fascinating that the meeting of minds is so difficult, and any possibility of that happening is made more difficult by the discussion skewing back and forth across the road.
>> 
>> To help sort things out in my own mind, I just went and read the last few hundred messages and attempted to curate the pervasive/mandatory encryption arguments, pro and contra.  It�s in a Google doc that�s open to comment by anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere that can stand up to the pressure?
>> 
>> I don�t know if trying to organize the talking points is generally useful, but I sure found it personally useful; maybe others will too.
>> 
>> Disclosure: I remain pretty strongly in favor of as much mandatory encryption as we can get, so that may have filtered my expression of the issues.  I've version-stamped this: 2013/11/16, and promise not to change it in case people comment on it.
> 
> Social Web Architect
> http://bblfish.net/
> 

--
Mark Nottingham   http://www.mnot.net/

Received on Monday, 18 November 2013 09:17:27 UTC