Hi Nick,
On 21/05/2024 19:05, Nick Harper wrote:
[...]
Perhaps there are additional ways to use Trust Expressions to censor
the web that are more practical and more useful than the existing
techniques that I didn't consider. There are most certainly other
forms of domestic control of the Web that I didn't consider. From my
analysis, if I were a government looking to enable surveillance and
domestic control of the Web, I don't see Trust Expressions as
something that unlocks new options or makes existing techniques
easier/more reliable. It is at most something to keep in mind as
technology evolves. Maybe I'm not very imaginative, and you've
imagined much more interesting ways a government might surveil the web
or attempt to control it using Trust Expressions.
This thread is now 40+ messages deep and I guess you might have not seen
much of the previous discussion. I actually agree with much of your
analysis, but it focused on the wrong question, as I wrote earlier in
this thread:
The question we're evaluating is NOT "If we were in a very unhappy
world where governments controlled root certificates on client devices
and used them for mass surveillance, does Trust Expressions make
things worse?" Although Watson observed that the answer to this is at
least 'somewhat', I agree such a world is already maxed at 10/10 on
the bad worlds to live in scale and so it's not by itself a major
problem in my view.
The actual concern is: to what extent do Trust Expressions increase
the probability that we end up in this unhappy world of government CAs
used for mass surveillance?
On 21/05/2024 19:05, Nick Harper wrote:
I'd be interested to hear details on what those are.
Messages [1,2,3,4] of this thread lay out these details at length.
Besides these concerns which are unaddressed so far, much of the recent
discussion has focused on establishing what problem(s) Trust Expressions
actually solves and how effective a solution it actually is.
Looking forward to your thoughts on either or both aspects.
Best,
Dennis
[1] https://mailarchive.ietf.org/arch/msg/tls/LaUJRHnEJds2Yfc-t-wgzkajXec/
[2] https://mailarchive.ietf.org/arch/msg/tls/zwPvDn9PkD5x9Yw1qul0QV4LoD8/
[3] https://mailarchive.ietf.org/arch/msg/tls/9AyqlbxiG7BUYP0UD37253MeK6s/
[4] https://mailarchive.ietf.org/arch/msg/tls/fxM4zkSn0b8zOs59xlH6uy8P7cE/
_______________________________________________
TLS mailing list --tls@ietf.org
To unsubscribe send an email totls-le...@ietf.org
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org