Search Mailing List Archives
[liberationtech] W3C WebCrypto Last Call for Comments *today*
sleevi at google.com
Wed May 28 07:15:11 PDT 2014
Webcrypto to BCC, as this has drifted off topic in both tone and content.
On May 28, 2014 6:29 AM, "carlo von lynX" <lynX at time.to.get.psyced.org>
> Sorry libtech, some of the in-between mails were not forwarded
> to you.
> On Wed, May 28, 2014 at 02:21:55PM +0200, Anders Rundgren wrote:
> > Asking for "consensus" on anything security-ish under these
> > circumstances is simply put impossible.
> That's because you can't build consensus if some participants
> have an interest on dominating over others. The method of
> consensus requires the group to remove such elements in order
> to be able to work out a consensus which is best for the group -
> and in this case the consensus must be privacy for humanity,
> not security business models for companies or obligations to
> their respective governments.
> So the mistake in the method you are applying is well-researched
> and has an answer. Issues concerning basic constitutional rights
> of citizen must not be defined by a standards body open to
> entities and elements with incompatible interests.
> Thus, Webcrypto CANNOT be reasonably be brought forward by
> either W3C or IETF. q.e.d.
> > Following the logic in your reasoning, you should list all the
> > algorithms that should be deprecated. I'm not a cryptographer
> > but I'm quite familiar with security protocols and that's where
> > things go really wrong. If you take a peek in the IETF-TLS
> > list you will get an idea of the complexity building secure
> > protocols.
> That is a fallacy. Negotation is a bug. GNUnet comes with one
> wise choice of a cipher. Should a sufficiently relevant new
> cipher be invented, GNUnet will have a transition period -
> but that's it. No backwards compatibility humbug forever.
> > BTW, I'm not a member of the WebCrypto WG but I mentally support
> > the work anyway. If somebody comes up with a better mousetrap
> > I don't think anybody will object :-)
> That's why you are perpetuating this debate which is VERY
> much not in the interests of the W3C members. I like it.
> Thank you for letting Eleanor's and my voice be heard.
> > There were requests fora high-level API that would hide the
> > complexity as well as always using the "best" algorithms.
> Oh that's easy.. you can look at NaCl or EthOS for inspiration.
> > It was rejected and IMO on correct grounds because there
> > would be endless discussions on how such a thing would work
> > and in the end nobody would be happy anyway.
> It is totally among the duties of the advanced lobbyist to
> know how to gently and delicately break consensus processes.
> Of course a consensus could be found, but only among honest
> participants. If you weren't successful, this is by today's
> knowledge on democracy research a proof that your work has
> been undermined by at least one participant who had no
> interest in achieving consensus.
> Or did you expect secret services would walk into the
> working group meetings armed with machine guns and coerce
> everyone into stopping to work on reasonable crypto
> technologies for the masses?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech