W3C home > Mailing lists > Public > public-privacy@w3.org > April to June 2011

Securing the future net

From: Karl Dubost <karld@opera.com>
Date: Sat, 9 Apr 2011 19:05:44 -0400
Message-Id: <B7C871C0-D65D-4B22-9D14-90744852074F@opera.com>
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Securing the future net
http://www.owlfolio.org/research/securing-the-future-net/

contains information with similar requirements than privacy


    * Performance - large sites will not adopt solutions
      which bulk up the amount of data required to be
      exchanged to establish an secure connection.

    * Independence/Availability - large sites will not
      accept tying the uptime of their site to the uptime of
      infrastructure over which they have no control (e.g.
      an OCSP responder)

    * Accessibility/Usability - solutions should not put the
      cost of security, either in terms of single sites or
      large deployments, out of the reach of ordinary people

    * Simplicity - solutions should be simple to deploy, or
      capable of being made simple.

    * Privacy - ideally, web users should not have to reveal
      their browsing habits to a third party.

    * Fail-closed - new mechanisms should allow us to treat
      mechanism and policy failures as hard failures (not
      doing so is why revocation is ineffective) (however
      this is trading off security for availability, which
      has historically proven almost impossible).

    * Disclosure - the structure of the system should be
      knowable by all parties, and users must know the
      identities of who they are trusting


-- 
Karl Dubost - http://dev.opera.com/
Developer Relations & Tools, Opera Software
Received on Saturday, 9 April 2011 23:06:20 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:52 UTC