[144858] in cryptography@c2.net mail archive
Re: Bringing Tahoe ideas to HTTP
daemon@ATHENA.MIT.EDU (James A. Donald)
Tue Sep 15 23:21:29 2009
Date: Wed, 16 Sep 2009 09:12:37 +1000
From: "James A. Donald" <jamesd@echeque.com>
Reply-To: jamesd@echeque.com
To: =?UTF-8?B?SXZhbiBLcnN0acSH?= <krstic@solarsail.hcs.harvard.edu>
CC: Brian Warner <warner@lothar.com>, cryptography@metzdowd.com,
tahoe-dev@allmydata.org
In-Reply-To: <27968C75-D2C5-43A8-B191-4AB1AFEBBF2C@solarsail.hcs.harvard.edu>
Ivan Krsti wrote:
> What you're proposing amounts to a great deal of complex and complicated
> cryptography. If it were implemented tomorrow, it would take years for
> the most serious of implementation errors to get weeded out, and some
> years thereafter for proper interoperability in corner cases. In the
> meantime, mobile device makers would track you down for the express
> purpose of breaking into your house at night to pee in your Cheerios, as
> retaliation for making them explain to their customers why their mobile
> web browsing is either half the speed it used to be, or not as secure as
> on the desktop, with no particularly explicable upside.
The ideas used in Tahoe are useful tools that can be used to solve
important problems.
It is true that just dumping them on end users and hoping that end users
will use them correctly to solve important problems will fail
It is our job to apply these tools, not the end user's job, the hard
part being user interface architecture, rather than cryptography protocols.
Yurls are one example of an idea for a user interface wrapping
Tahoe like methods to solve useful problems.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com