Re: Pervasive encryption: Pro and contra from Henry Story on 2013-11-18 (ietf-http-wg@w3.org from October to December 2013)

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 18 Nov 2013 10:10:26 +0100
To: Tim Bray <tbray@textuality.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <0950B8D7-0781-40F1-9844-5C01337D247B@bblfish.net>

Hi Tim,  hi all. 

   Since my days at Sun Microsystems working with Tim Bray I have been developing with 
a loose knit distributed community a set of standards based tools that show how one can
answer a lot of the negatives put forward here in order to build a more secure web with
pervasive TLS based encryption. The idea is to use tools and standards that exist off
the shelf. 

   The answer is to distribute data to the nodes, so that each person/organisation physically
controlls its own information on its servers. This requires distributed authentication and
distributed access control. It requires ease of use. All of that can in fact be achieved in
my opinion.

  I can explain this here. But most of you will find something annoying about it.
Tim will be skeptical because we use RDF. Others will be skeptical because we
use client side TLS certificiates for identification without using CAs to sign them, 
....  I think the pain point makes it worth trying something new.

  you can check the list of specs we use
   https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html

  But of course that won't help that much. You have to see it in action to see it 
working. 

   If some of you are in Paris next week we'll be having a Workship at the Mozilla labs
in Paris to show how that works.
   https://github.com/stample/wiki/wiki/Weave-the-web-we-want

  if you can't read the doc, then check out the project README to get an idea 
of how this works ( with curl: you'll need to imagine it doing the same with JS )
   https://github.com/stample/rww-play

Henry

On 17 Nov 2013, at 02:03, Tim Bray <tbray@textuality.com> wrote:

> There has been a *whole lot* of traffic on this subject.  It’s fascinating that the meeting of minds is so difficult, and any possibility of that happening is made more difficult by the discussion skewing back and forth across the road.
> 
> To help sort things out in my own mind, I just went and read the last few hundred messages and attempted to curate the pervasive/mandatory encryption arguments, pro and contra.  It’s in a Google doc that’s open to comment by anyone: http://goo.gl/6yhpC1  Hm, is there a handy wiki platform somewhere that can stand up to the pressure?
> 
> I don’t know if trying to organize the talking points is generally useful, but I sure found it personally useful; maybe others will too.
> 
> Disclosure: I remain pretty strongly in favor of as much mandatory encryption as we can get, so that may have filtered my expression of the issues.  I've version-stamped this: 2013/11/16, and promise not to change it in case people comment on it.

Social Web Architect
http://bblfish.net/

Received on Monday, 18 November 2013 09:11:00 UTC