On Wed, Oct 8, 2014 at 3:31 PM, Adam Roach <adam@nostrum.com> wrote: > Sure. You're getting off onto the tangent of opportunistic encryption, > rather than really talking about the gUM issue. I'll post one quick rebuttal > here, and then I intend to let the issue alone on this list (since it's > several steps removed from the media capture charter). It's a bit of a tangent, I agree. And I apologize for not making it clear that I believe all of these questions are intertwined: * Why should we pay the cost of developing and deploying a security mechanism if its guarantee is not strong enough to justify even a 1-bit a user-visible promise? Keep in mind that resources spent defeating purely passive attacks are resources that cannot be spent on stronger mechanisms. * Why should users trust an origin that cannot make a promise? (With their cameras and microphones?) * Why should we believe the cost differential between active and passive attack is large?Received on Wednesday, 8 October 2014 23:15:22 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:30 UTC