- From: Karl Dubost <karld@opera.com>
- Date: Sat, 9 Apr 2011 19:05:44 -0400
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Securing the future net
http://www.owlfolio.org/research/securing-the-future-net/
contains information with similar requirements than privacy
* Performance - large sites will not adopt solutions
which bulk up the amount of data required to be
exchanged to establish an secure connection.
* Independence/Availability - large sites will not
accept tying the uptime of their site to the uptime of
infrastructure over which they have no control (e.g.
an OCSP responder)
* Accessibility/Usability - solutions should not put the
cost of security, either in terms of single sites or
large deployments, out of the reach of ordinary people
* Simplicity - solutions should be simple to deploy, or
capable of being made simple.
* Privacy - ideally, web users should not have to reveal
their browsing habits to a third party.
* Fail-closed - new mechanisms should allow us to treat
mechanism and policy failures as hard failures (not
doing so is why revocation is ineffective) (however
this is trading off security for availability, which
has historically proven almost impossible).
* Disclosure - the structure of the system should be
knowable by all parties, and users must know the
identities of who they are trusting
--
Karl Dubost - http://dev.opera.com/
Developer Relations & Tools, Opera Software
Received on Saturday, 9 April 2011 23:06:20 UTC