[tahoe-dev] Bringing Tahoe ideas to HTTP

[Ivan Krstić]

On Aug 27, 2009, at 2:57 PM, Brian Warner wrote:
> I've no idea how hard it would be to write this sort of plugin. But  
> I'm
> pretty sure it's feasible, as would be the site-building tools. If
> firefox had this built-in, and web authors used it, what sorts of
> vulnerabilities would go away? What sorts of new applications could we
> build that would take advantage of this kind of security?

What you're proposing amounts to a great deal of complex and  
complicated cryptography. If it were implemented tomorrow, it would  
take years for the most serious of implementation errors to get weeded  
out, and some years thereafter for proper interoperability in corner  
cases. In the meantime, mobile device makers would track you down for  
the express purpose of breaking into your house at night to pee in  
your Cheerios, as retaliation for making them explain to their  
customers why their mobile web browsing is either half the speed it  
used to be, or not as secure as on the desktop, with no particularly  
explicable upside.

It bugs the hell out of me when smart, technical people spend time and  
effort devising solutions in search of problems. You need to *start*  
with the sorts of vulnerabilities you want to do away with, or the  
kinds of new applications you can build that current security systems  
don't address, and *then* work your way to solutions that enable those  
use cases.

It's okay to do it in reverse order in the academia, but you seem to  
be talking about real-world systems. And in real-world systems, you  
don't get to play Jeopardy with cryptography.

Cheers,

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org