Re: Mandatory encryption

Hi Patrick,

> Your point is incredibly important, is absolutely intertwined, and
> deserves lots of attention. I feel like focus in that area is building
> but there is nothing to show for it yet.

Thanks.  I agree.

> However, its not an inherently
> unsolvable problem and thus I really disagree with the "red herring"
> claim.
What I meant by red herring is that I haven't heard anyone object to the
assertion that privacy is good.  I'm just concerned that mandating
crypto without thinking about the UI implications could make things
worse.  I do not know how hard the problem is.  It's not like we haven't
been looking at reputation/certification elsewhere, but more work is
required, as you mention above.

Mozilla and other browser developers are in a very good position to
discuss what user indications might work versus what might not, and what
the protocol implications are.  Also, I'm reminded that because HTTP is
used for everything in the world, the applicability of this work could
be circumscribed to try to make some of these issues more tractable
(like whether a user is present).

>  Transport security needs to be used more widely and we also need
> to make the transport security work better.

> I don't think that means throwing away TLS (or even the way PKI is
> managed) in favor of something else, but I'm open to a different
> strategy that achieves the same goals. I think everyone is.

Warmest regards,


Received on Wednesday, 18 July 2012 15:58:14 UTC