Re: Preparing to Publish HTTPS Finding

How about following in IETF and Google's footsteps and having a Bitcoin
blockchain-like public log of issued certificates for auditors?

Otherwise, HTTPS is currently open to subversion by state actors and
terrorist organizations, as well as any criminal organization with enough
resources to infiltrate CAs, and you'd be selling a fictitious story that
many people will believe without questioning, even if you say it's
imperfect. The perception is that an HTTPS connection is secure and immune
to surveillance (but that perception is dangerous as it could lead to
imprisonment and torture of political dissidents and activists -- recall
that Dutch CA episode when Iranian agents infiltrated a CA).

Maybe mighty Google's own ideas about making the web more secure would pass
the TAG's silly and condescending giggle test?

http://www.certificate-transparency.org/

See "How Log Proofs Work"



On Wed, Dec 24, 2014 at 4:43 AM, <chaals@yandex-team.ru> wrote:

> Hi Chris,
>
> 24.12.2014, 04:31, "Chris Palmer" <palmer@google.com>:
> > On Tue, Dec 23, 2014 at 5:20 PM,  <chaals@yandex-team.ru> wrote:
> >>>>   "The annual median per capita [yearly] income in India stood at $616, the
> >>>>   99th position among 131 countries." [1] (Gallup Dec 2013)
> >>>>
> >>>>   So what's the cost of a wildcard SSL certificate (someone quoted $100 in a
> >>>>   previous)?  Is it affordable?
> >>>  People at that income level need clean water and food, not X.509 certificates.
> >>  This is a particularly odious statement.
> >
> > I was attempting to empathize with the poorest billion, but I see that
> > in doing so I presumed to know how people rank their needs. Obviously,
> > I don't.
>
> Well, different people rank their needs differently. And according to the
> things that are feasible to put in the rankings. Clean water is often not
> in that category, because hydro-engineering and water purification at any
> scale is generally far more expensive than e-commerce. And calculating the
> relative benefits is… let's go with "pretty interesting"… (of course it
> depends on whether you're doing it to understand others, or as part of
> managing your own life…)
>
> > I apologize to anyone I offended.
>
> Probably nobody was actually offended…
>
> The "bottom billion" *do* have dignity, pride, and take offense at things
> far less "important" than their everyday want for food and water. But
> having your needs understood better by rich people genuinely trying to help
> and in a position to do so often makes up for a bit of misunderstanding…
>
> >>  Often, people at that level could get food and clean water - and more
> >>  precious bandwidth - if they could compete on a level footing in a low-cost
> >>  web. Poor people often spend a huge amount of their total income on
> >>  bandwidth and similar technology. And compared to those of us in the rich
> >>  part of the world, it is often a very careful and very rational choice
> >>  based on weighing some really serious odds.
> >
> > Can you provide some examples? I'd like to understand people's needs
> > better.
>
> The basic message is that the bottom billion often want and *need* to
> trade in the same things the rest of us do - they just have to make tougher
> choices because they are inevitably dealing in very small quantities, and
> so economies of scale (and the inability to apply them) apply to decisions
> like whether to eat, buy medicine, or top up the phone credit. And people
> are not just consumers, nor employees, they are seriously trading. For many,
> that is the only possible source of a livelihood.
>
> There are books and papers and reams of work on this. "Poor Economics" and
> "Nickel and Dimed" are two that you often find in e.g. airport bookshops,
> and without making you an expert (I don't claim to be one, by the way)
> they'll give you some good insights and let you make more complicated
> mistakes :)
>
> But the rough upshot is that people with very little money often balance
> their priorities very carefully. As a totally faked example, a porter will
> drink dodgy water with a chance of giving him some unpleasant illness in
> order to ensure there is credit on his mobile phone - because the phone is
> the key to his income. The famous Karelian fishermen, who have to decide
> where to land their day's catch, will sacrifice all kinds of basic needs
> (food, water, medicine) for the market information of the day, because the
> investment makes sense for tomorrow. The guy who makes a marginal living
> rebuilding old phones and selling them (imagine a 1990s Nokia phone body,
> with old Sony Ericsson internals, using a Philips screen and a 4-year-old
> Samsung battery - you can buy it for a few bucks on a street corner) needs
> information, and his customers who are making one of their biggest capital
> investments of the year need information too.
>
> And of course different people make those calls differently.
>
> Communication technology, in particular, is often available at prices that
> make it a possibility, and there are distinct advantages in having it.
> Which is why there are far more people with access to a mobile phone than
> to clean water, a functional toilet, and quite possibly even to a safe
> place to sleep at night.
>
> You can often use a phone or the Web to find a safer place to sleep, or
> make where you are safer. If your income is $3 / day and clean water costs
> $2.80 / day it is effectively unavailable, so your choices are simplified
> already, and your tradeoffs will involve food, connectivity, maybe shelter
> and medicine, but not clean water.
>
> etc, etc, etc. - there is plenty of exercise left to the reader, but we
> also need people who understand how to make the technology work better…
>
> We return you to making the Web a better tool, hopefully with a slightly
> better idea of the diversity of the audience and the different kinds of
> problems they face.
>
> Cheers
>
> --
> Charles McCathie Nevile - web standards - CTO Office, Yandex
> chaals@yandex-team.ru - - - Find more at http://yandex.com
>
>

Received on Thursday, 25 December 2014 18:54:43 UTC