Thank you Nick.

On 25/10/17 20:34, Nick Sullivan wrote:
> On that note, so what if some browsers opt in? Servers need to also opt-in
> to setting visibility keys.

It is good to see the discussion move on from the proponents' seeming inability to envisage that anything bad could possibly happen here;-)

I believe you are right that if we standardise this, it is reasonably likely to end up in some browser. (I've no idea how to estimate that probability, so we're all guessing really.)

As you might expect, I disagree with your analysis as to the consequences if browsers did support this. Just as one example, I read today of reports that some people have been arrested/accused partly on the basis that they downloaded some software [1] so it is sadly far too easy to imagine that some regime somewhere would arrest people for having a browser that does not support this "standard" feature. Note, I'm not saying I accept all details of the story in [1] as such things are often badly reported, but I do assert that such issues are ones we ought be seriously considering.

For me, us defining a feature like this that could be mandated, for wiretapping, or the absence of which could get folks into that kind of trouble, is just not something we ought be risking, regardless of our inability to estimate the probabilities involved.

S.

[1] https://www.theguardian.com/world/2017/oct/25/amnesty-turkish-chair-taner-kilic-on-trial-over-failed-coup
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls