Re: Pervasive encryption: Pro and contra

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 18 Nov 2013 20:16:54 +1100
Cc: Tim Bray <tbray@textuality.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <6FFFA92E-6B09-48D0-8C26-A9CC54C9C2E4@mnot.net>
To: Henry Story <henry.story@bblfish.net>
Henry,

I'm sure that's interesting work, but it's off-topic for this list.

Thanks,


On 18 Nov 2013, at 8:10 pm, Henry Story <henry.story@bblfish.net> wrote:

> Hi Tim,  hi all. 
> 
>    Since my days at Sun Microsystems working with Tim Bray I have been developing with 
> a loose knit distributed community a set of standards based tools that show how one can
> answer a lot of the negatives put forward here in order to build a more secure web with
> pervasive TLS based encryption. The idea is to use tools and standards that exist off
> the shelf. 
> 
>    The answer is to distribute data to the nodes, so that each person/organisation physically
> controls its own information on its servers. This requires distributed authentication and
> distributed access control. It requires ease of use. All of that can in fact be achieved in
> my opinion.
> 
>   I can explain this here. But most of you will find something annoying about it.
> Tim will be skeptical because we use RDF. Others will be skeptical because we
> use client side TLS certificates for identification without using CAs to sign them, 
> ....  I think the pain point makes it worth trying something new.
> 
>   You can check the list of specs we use
>    https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html
> 
>   But of course that won't help that much. You have to see it in action to see it 
> working. 
> 
>    If some of you are in Paris next week we'll be having a Workshop at the Mozilla labs
> in Paris to show how that works.
>    https://github.com/stample/wiki/wiki/Weave-the-web-we-want
> 
>   If you can't read the doc, then check out the project README to get an idea 
> of how this works ( with curl: you'll need to imagine it doing the same with JS )
>    https://github.com/stample/rww-play
> 
> Henry
> 
> 
> On 17 Nov 2013, at 02:03, Tim Bray <tbray@textuality.com> wrote:
> 
>> There has been a *whole lot* of traffic on this subject.  It's fascinating that the meeting of minds is so difficult, and any possibility of that happening is made more difficult by the discussion skewing back and forth across the road.
>> 
>> To help sort things out in my own mind, I just went and read the last few hundred messages and attempted to curate the pervasive/mandatory encryption arguments, pro and contra.  It's in a Google doc that's open to comment by anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere that can stand up to the pressure?
>> 
>> I don't know if trying to organize the talking points is generally useful, but I sure found it personally useful; maybe others will too.
>> 
>> Disclosure: I remain pretty strongly in favor of as much mandatory encryption as we can get, so that may have filtered my expression of the issues.  I've version-stamped this: 2013/11/16, and promise not to change it in case people comment on it.
> 
> Social Web Architect
> http://bblfish.net/
> 

--
Mark Nottingham   http://www.mnot.net/
Received on Monday, 18 November 2013 09:17:27 UTC
