Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] W3C WebCrypto Last Call for Comments *today*

Ryan Sleevi sleevi at google.com
Wed May 28 07:15:11 PDT 2014


Webcrypto to BCC, as this has drifted off topic in both tone and content.
On May 28, 2014 6:29 AM, "carlo von lynX" <lynX at time.to.get.psyced.org>
wrote:

> Sorry libtech, some of the in-between mails were not forwarded
> to you.
>
> On Wed, May 28, 2014 at 02:21:55PM +0200, Anders Rundgren wrote:
> > Asking for "consensus" on anything security-ish under these
> > circumstances is simply put impossible.
>
> That's because you can't build consensus if some participants
> have an interest on dominating over others. The method of
> consensus requires the group to remove such elements in order
> to be able to work out a consensus which is best for the group -
> and in this case the consensus must be privacy for humanity,
> not security business models for companies or obligations to
> their respective governments.
>
> So the mistake in the method you are applying is well-researched
> and has an answer. Issues concerning basic constitutional rights
> of citizen must not be defined by a standards body open to
> entities and elements with incompatible interests.
>
> Thus, Webcrypto CANNOT be reasonably be brought forward by
> either W3C or IETF.  q.e.d.
>
> > Following the logic in your reasoning, you should list all the
> > algorithms that should be deprecated.  I'm not a cryptographer
> > but I'm quite familiar with security protocols and that's where
> > things go really wrong.  If you take a peek in the IETF-TLS
> > list you will get an idea of the complexity building secure
> > protocols.
>
> That is a fallacy. Negotation is a bug. GNUnet comes with one
> wise choice of a cipher. Should a sufficiently relevant new
> cipher be invented, GNUnet will have a transition period -
> but that's it. No backwards compatibility humbug forever.
>
> > BTW, I'm not a member of the WebCrypto WG but I mentally support
> > the work anyway.  If somebody comes up with a better mousetrap
> > I don't think anybody will object :-)
>
> That's why you are perpetuating this debate which is VERY
> much not in the interests of the W3C members. I like it.
> Thank you for letting Eleanor's and my voice be heard.
>
> > There were requests fora high-level API that would hide the
> > complexity as well as always using the "best" algorithms.
>
> Oh that's easy.. you can look at NaCl or EthOS for inspiration.
>
> > It was rejected and IMO on correct grounds because there
> > would be endless discussions on how such a thing would work
> > and in the end nobody would be happy anyway.
>
> It is totally among the duties of the advanced lobbyist to
> know how to gently and delicately break consensus processes.
> Of course a consensus could be found, but only among honest
> participants. If you weren't successful, this is by today's
> knowledge on democracy research a proof that your work has
> been undermined by at least one participant who had no
> interest in achieving consensus.
>
> Or did you expect secret services would walk into the
> working group meetings armed with machine guns and coerce
> everyone into stopping to work on reasonable crypto
> technologies for the masses?
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140528/525fd6d8/attachment.html>


More information about the liberationtech mailing list