[tahoe-dev] Bringing Tahoe ideas to HTTP

James A. Donald jamesd at echeque.com
Sat Sep 5 01:41:12 PDT 2009


Fuzzy Hoodie-Monster wrote:
> as a
> practical matter, proposals more fine-grained ("endy") than TLS have
> (in some key cases, at least) been shown to be unusable ("literally DOZENS
> of people use PGP") or worse than nothing for raisins of complexity
> and security (XML digital signatures).

The point, of course, is to construct something that *is* usable.

Zooko's triangle suggests a way to do it.

> Again, I regard TLS' provision of server authentication as "good
> enough", for now at least. I definitely don't regard CAs or browsers'
> handling of certificates or browsers' UI as good enough. I advocate
> fixing the weakest link in the chain, and currently that's user
> interface/user experience/communication to the user. Once we figure
> out how to explain to users who they are or might be talking to and
> how certain we are of that -- again, see OTR for hints -- THEN we can
> move on to the next problem.

Users do not want to be distracted by such complications.



