- From: Henry Story <henry.story@bblfish.net>
- Date: Thu, 12 Jul 2018 19:06:00 +0200
- To: Dave Crocker <dcrocker@gmail.com>
- Cc: public-web-security@w3.org
- Message-Id: <1F6F3F23-F6D9-4359-80B2-39BE80CF02A9@bblfish.net>
> On 12 Jul 2018, at 15:34, Dave Crocker <dcrocker@gmail.com> wrote:
>
> On 7/12/2018 5:19 AM, Henry Story wrote:
>> I have recently written up a proposal on how to stop (https) Phishing,
>
> http://craphound.com/spamsolutions.txt
>
> originally written for email, but it applies here, too.

:D

But, not really: The architectural differences between the web and e-mail are very big. Furthermore the problems looked at are completely different: that questionnaire is for spam, and this is a proposal against phishing. Then the type of solution I provide is very unlikely to have ever been thought of pre-web, given the type of technologies involved. Also I have spoken to people from Symantec and presented this at the cybersecurity Southampton reading group, and so it has had some initial tyre kicking already.

Philosophically the answer presented is very different too. You can see that with the first line of that "questionnaire":

    Your post advocates a
    ( ) technical ( ) legislative ( ) market-based ( ) vigilante
    approach to fighting spam.

The approach here is none of those: it is organological [1], in the sense that it is thinking of the problem from an approach that takes the body politic (the organs of the state), law, the individual and technology into account as forming a whole that co-individuates itself. So to start it does not fit the first choice box...

But you don't need to understand that philosophy to understand the proposal. You just have to be open to new possibilities.
I

Henry
http://bblfish.net/

[1] There was a conference on this here for example.
http://criticallegalthinking.com/2014/09/19/general-organology-co-individuation-minds-bodies-social-organisations-techne/

>
> And fwiw, for any UX issue, there is no certitude in the absence of very specific testing.

Yes of course.
I do go more carefully into the problem with the https UX here
https://medium.com/@bblfish/response-to-remarks-on-phishing-article-c59d018324fe#1a75
I argue there, with pictures to go along, that the problem is that there is not enough information in X509 certificates for it to make sense to users. Even in EV certs. What is needed is live information.

>
>
> d/
> --
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
Received on Thursday, 12 July 2018 17:06:27 UTC