[144857] in cryptography@c2.net mail archive


Re: Bringing Tahoe ideas to HTTP

daemon@ATHENA.MIT.EDU (Ivan Krstić)
Tue Sep 15 11:39:00 2009

Cc: cryptography@metzdowd.com,
 tahoe-dev@allmydata.org
From: Ivan Krstić <krstic@solarsail.hcs.harvard.edu>
To: Brian Warner <warner@lothar.com>
In-Reply-To: <4A970144.8020709@lothar.com>
Date: Mon, 14 Sep 2009 23:57:49 -0700

On Aug 27, 2009, at 2:57 PM, Brian Warner wrote:
> I've no idea how hard it would be to write this sort of plugin. But I'm
> pretty sure it's feasible, as would be the site-building tools. If
> firefox had this built-in, and web authors used it, what sorts of
> vulnerabilities would go away? What sorts of new applications could we
> build that would take advantage of this kind of security?

What you're proposing amounts to a great deal of complex and
complicated cryptography. If it were implemented tomorrow, it would
take years for the most serious of implementation errors to get weeded
out, and some years thereafter for proper interoperability in corner
cases. In the meantime, mobile device makers would track you down for
the express purpose of breaking into your house at night to pee in
your Cheerios, as retaliation for making them explain to their
customers why their mobile web browsing is either half the speed it
used to be, or not as secure as on the desktop, with no particularly
explicable upside.

It bugs the hell out of me when smart, technical people spend time and
effort devising solutions in search of problems. You need to *start*
with the sorts of vulnerabilities you want to do away with, or the
kinds of new applications you can build that current security systems
don't address, and *then* work your way to solutions that enable those
use cases.

It's okay to do it in reverse order in academia, but you seem to
be talking about real-world systems. And in real-world systems, you
don't get to play Jeopardy with cryptography.

Cheers,

--
Ivan Krstić <krstic@solarsail.hcs.harvard.edu> | http://radian.org

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
