W3C home > Mailing lists > Public > semantic-web@w3.org > August 2014

Re: The ability to automatically upgrade a reference to HTTPS from HTTP

From: Marc Fawzi <marc.fawzi@gmail.com>
Date: Thu, 28 Aug 2014 06:33:44 -0700
Message-ID: <CACioZito-3edPJBQCt9=SJd7RWWii4N0R__k_=eg9J2nmo=iJA@mail.gmail.com>
To: adasal <adam.saltiel@gmail.com>
Cc: frederick.hirsch@nokia.com, reto@gmuer.ch, Hugh Glaser <hugh@glasers.org>, Tim Berners-Lee <timbl@w3.org>, "semantic-web@w3.org" <semantic-web@w3.org>, TAG List <www-tag@w3.org>
Heh. This just came up on HN

https://code.google.com/p/end-to-end/wiki/KeyDistribution




On Tue, Aug 26, 2014 at 9:20 AM, Marc Fawzi <marc.fawzi@gmail.com> wrote:

> Very interesting thoughts, and relevant. The web as it stands right now is
> the greatest surveillance mechanism, and granted that nothing can be secure
> against state actors, there still need to be an attempt to analyze the
> current weaknesses (any org can be a CA and any CA can be coerced) and find
> some alternative. Worrying about the web breaking due to the move to https
> is a legitimate and practical concern but it's dwarfed by the actualized
> concern that https has evolved into a selective surveillance mechanism. A
> false sense of security is worse than no security, especially if you
> consider that criminal orgs could get in the game. The cat is out of the
> bag.
>
> If anyone has any idea, what are the potential solutions?
>
>
> On Tue, Aug 26, 2014 at 9:05 AM, adasal <adam.saltiel@gmail.com> wrote:
>
>>
>> On 26 August 2014 15:29, <frederick.hirsch@nokia.com> wrote:
>>
>>> I’m not sure i understand *why* https should be required everywhere,
>>> since risk management should take into account the value of what is at risk
>>> versus the costs but that is a different discussion.
>>
>>
>> Nor I.
>> If it is an overreaction then that overreaction can be analysed.
>> Typically it is said that overreactions are default positions held on to in
>> the face of some *imagined* anxieties.
>> And that they hide what the anxiety really is.
>> I think the real anxiety, in this context, is about identity and data
>> ownership, problems that universal adoption of https obscure rather than
>> alleviate.
>> The problems of identity and data ownership are not ubiquitous and
>> universally present.
>> They need case by case solutions.
>> But the sense of a threat in that area is a sense of a universal threat,
>> which really comes from how capitalism is working out in this area. By
>> which I mean a scrabble to own, access or mediate data by large players
>> makes it seem as if data must be owned, accessed or mediated enmass. Hence
>> the sense of universal threat.
>>
>> Adam Saltiel
>>
>
>
Received on Thursday, 28 August 2014 13:34:56 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 08:45:38 UTC