- From: Ryan Sleevi <sleevi@google.com>
- Date: Wed, 28 May 2014 07:15:11 -0700
- To: carlo von lynX <lynX@time.to.get.psyced.org>
- Cc: liberationtech <liberationtech@mailman.stanford.edu>, Eleanor Saitta <ella@dymaxion.org>, Anders Rundgren <anders.rundgren.net@gmail.com>
- Message-ID: <CACvaWvazcmrZb0VyAdZsSqd2U3MpbpoaW7fVYvNy2Fo3Dh4JSA@mail.gmail.com>
Webcrypto to BCC, as this has drifted off topic in both tone and content. On May 28, 2014 6:29 AM, "carlo von lynX" <lynX@time.to.get.psyced.org> wrote: > Sorry libtech, some of the in-between mails were not forwarded > to you. > > On Wed, May 28, 2014 at 02:21:55PM +0200, Anders Rundgren wrote: > > Asking for "consensus" on anything security-ish under these > > circumstances is simply put impossible. > > That's because you can't build consensus if some participants > have an interest on dominating over others. The method of > consensus requires the group to remove such elements in order > to be able to work out a consensus which is best for the group - > and in this case the consensus must be privacy for humanity, > not security business models for companies or obligations to > their respective governments. > > So the mistake in the method you are applying is well-researched > and has an answer. Issues concerning basic constitutional rights > of citizen must not be defined by a standards body open to > entities and elements with incompatible interests. > > Thus, Webcrypto CANNOT be reasonably be brought forward by > either W3C or IETF. q.e.d. > > > Following the logic in your reasoning, you should list all the > > algorithms that should be deprecated. I'm not a cryptographer > > but I'm quite familiar with security protocols and that's where > > things go really wrong. If you take a peek in the IETF-TLS > > list you will get an idea of the complexity building secure > > protocols. > > That is a fallacy. Negotation is a bug. GNUnet comes with one > wise choice of a cipher. Should a sufficiently relevant new > cipher be invented, GNUnet will have a transition period - > but that's it. No backwards compatibility humbug forever. > > > BTW, I'm not a member of the WebCrypto WG but I mentally support > > the work anyway. If somebody comes up with a better mousetrap > > I don't think anybody will object :-) > > That's why you are perpetuating this debate which is VERY > much not in the interests of the W3C members. I like it. > Thank you for letting Eleanor's and my voice be heard. > > > There were requests fora high-level API that would hide the > > complexity as well as always using the "best" algorithms. > > Oh that's easy.. you can look at NaCl or EthOS for inspiration. > > > It was rejected and IMO on correct grounds because there > > would be endless discussions on how such a thing would work > > and in the end nobody would be happy anyway. > > It is totally among the duties of the advanced lobbyist to > know how to gently and delicately break consensus processes. > Of course a consensus could be found, but only among honest > participants. If you weren't successful, this is by today's > knowledge on democracy research a proof that your work has > been undermined by at least one participant who had no > interest in achieving consensus. > > Or did you expect secret services would walk into the > working group meetings armed with machine guns and coerce > everyone into stopping to work on reasonable crypto > technologies for the masses? > > > >
Received on Wednesday, 28 May 2014 14:15:39 UTC