W3C home > Mailing lists > Public > www-tag@w3.org > January 2012

The Science of Insecurity

From: Henry Story <henry.story@bblfish.net>
Date: Fri, 6 Jan 2012 18:05:05 +0100
Message-Id: <9DD418D0-476D-406F-9696-3E6CF0E8F093@bblfish.net>
To: "www-tag@w3.org List" <www-tag@w3.org>
At the recent Chaos Communication Congress in Berlin, there was a very interesting presentation entitled
"The Science of Insecurity" which can be seen online http://www.youtube.com/watch?v=3kEfedtQVOY

This may not be news for people in the security space, and it may be better and more elegantly explained 
elsewhere. But it seems to have some interesting repercussions on web architecture.

For one it does make the case for simplicity and clarity (non-ambiguity) of languages and protocols.
This is what is said here
   http://www.w3.org/DesignIssues/Principles.html
But the video gives a security perspective on this, which could be very useful.

This the raises the question as to how each of the elements of the web stack fit the requirements
given in the talk. So how complex are the languages produces by the w3c exactly? Which ones are turing complete? [1] Which ones not? 

Perhaps bringing out some of these aspects more clearly would help clarify why simplicity is important, in a way that appeals to education don't do so well. 

Henry

[1] Apparently html5+css3 is turning complete for example
    http://lemire.me/blog/archives/2011/03/08/breaking-news-htmlcss-is-turing-complete/




Social Web Architect
http://bblfish.net/
Received on Friday, 6 January 2012 17:05:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:44 GMT