- From: Marc Fawzi <marc.fawzi@gmail.com>
- Date: Thu, 28 Aug 2014 06:33:44 -0700
- To: adasal <adam.saltiel@gmail.com>
- Cc: frederick.hirsch@nokia.com, reto@gmuer.ch, Hugh Glaser <hugh@glasers.org>, Tim Berners-Lee <timbl@w3.org>, "semantic-web@w3.org" <semantic-web@w3.org>, TAG List <www-tag@w3.org>
- Message-ID: <CACioZito-3edPJBQCt9=SJd7RWWii4N0R__k_=eg9J2nmo=iJA@mail.gmail.com>
Heh. This just came up on HN https://code.google.com/p/end-to-end/wiki/KeyDistribution On Tue, Aug 26, 2014 at 9:20 AM, Marc Fawzi <marc.fawzi@gmail.com> wrote: > Very interesting thoughts, and relevant. The web as it stands right now is > the greatest surveillance mechanism, and granted that nothing can be secure > against state actors, there still need to be an attempt to analyze the > current weaknesses (any org can be a CA and any CA can be coerced) and find > some alternative. Worrying about the web breaking due to the move to https > is a legitimate and practical concern but it's dwarfed by the actualized > concern that https has evolved into a selective surveillance mechanism. A > false sense of security is worse than no security, especially if you > consider that criminal orgs could get in the game. The cat is out of the > bag. > > If anyone has any idea, what are the potential solutions? > > > On Tue, Aug 26, 2014 at 9:05 AM, adasal <adam.saltiel@gmail.com> wrote: > >> >> On 26 August 2014 15:29, <frederick.hirsch@nokia.com> wrote: >> >>> I’m not sure i understand *why* https should be required everywhere, >>> since risk management should take into account the value of what is at risk >>> versus the costs but that is a different discussion. >> >> >> Nor I. >> If it is an overreaction then that overreaction can be analysed. >> Typically it is said that overreactions are default positions held on to in >> the face of some *imagined* anxieties. >> And that they hide what the anxiety really is. >> I think the real anxiety, in this context, is about identity and data >> ownership, problems that universal adoption of https obscure rather than >> alleviate. >> The problems of identity and data ownership are not ubiquitous and >> universally present. >> They need case by case solutions. >> But the sense of a threat in that area is a sense of a universal threat, >> which really comes from how capitalism is working out in this area. By >> which I mean a scrabble to own, access or mediate data by large players >> makes it seem as if data must be owned, accessed or mediated enmass. Hence >> the sense of universal threat. >> >> Adam Saltiel >> > >
Received on Thursday, 28 August 2014 13:34:55 UTC