-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 11/15/2013 01:57 PM, Andreas Kuckartz wrote: >> >> That is outside the scope of this working group. > > Dissemination is mentioned as a topic for the 30C3 assembly. And > (at least) in that context it seems to be in scope. > *** We need to distinguish two vectors in our working group.
One is the hardcore P2P "next generation" that focuses on GNUnet and peer-to-peer solutions ; and the other is the "transitional" that focuses on how to go from here to there, including contemplating alternate paths, such as patching hopeless protocols, or seeking to reform the existing nightmarish hell of a reality. Although I'm convinced personally that jumping ships will be the best move, there are still 1.5-and-growing billion users to convince as well, without mentioning all the people with whom we all interact with in our daily lives using insecure protocols and unprotected communications. That factual inertia needs to be addressed, and although technologies such as LEAP do not convince me yet on their practicability, there's no doubt there's a market for it--people are working on it and do have the intention to deploy it. So, it's not only a matter of what we want, we know, or what we think is best, but also to consider and take into account the complexity of reality. The fact that there are many projects and much attention given to what we like to anticipatively call "legacy protocols" (SMTP, HTTP), should prompt us not to fight reality and instead, skim the milk, and embrace them as vectors for change. I urge to stop entirely with this anti-whatever discourse: we have nothing to justify, nothing to fear, and we can't do much about other people's decisions, but to bring them better alternatives. > > That statement is like "Windows users can't be helped". They can > never have an absolutely secure system without migrating to another > operating system. But that does not imply that improving their > security is impossible as long as they do not make that step. It > really depends on the threats one intends to protect against. > *** I guess you're right in some way, but *that* is definitely out of the scope of our working group: we're talking about free software, right? So the only correct step such a user could make would be to start using free software. And if "they don't have a choice", well, sorry, but we cannot do everything, talk with the FSF. That also supports the case of LEAP, or LinkedData, Lorea, etc.: those projects might not be what we want, and have a lot of flaws from our point of view, but they're addressing some problem, and there's no reason not to let them do it--we're free not to use them if that would harm us. It's not exactly as if we would let Monsanto take over the water supplies of a continent, destroy biodiversity, and feed cancer to entire populations. We're still talking about lessons learned here, with potential synergies involved. Some inventions come from tricky paths. If you cannot convince someone to join forces, repeating how bad their choices are probably won't help convince them. That's especially important as while you're complaining, they're working. And when they show their product, users go there, and then you can't tell users: wait! Wait! That is wrong! On the other hand, showing examples of things you can do with your solution, that you cannot with another--or not even considering it: showing what's possible and how to get started doing it, then yes, you get people working with you. That's the hard part. >> that trojan horse called WebRTC which comes equipped with MITM >> capabilities and missed the chance to at least mandate pinning. > > Such decisions are not immutable. > *** Indeed, that could be an interested channel for aggressiveness. >> How many minutes would it take until all major vendors are >> compelled to provide backdoors? > *** That is precisely why Snowden defected: for such illegal things not to be able to happen. Now, I understand your position, to help build technology that will prevent such abuse. But you're still fighting reality if you consider that question seriously. "They broke the Internet. We're building a GNU one." One where such blackmail over vendors is not worthy. We're not looking for absolute, we're looking for enough. == hk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJShmfUAAoJEEgGw2P8GJg9x8EP/1EfBMcNEF55XNBXHWBJP5Xt T5eyt2oxJvOuLn8g0VlBExRPnGF61sspcQWaV9uHXscr7RSenV+teokwWW+H0uBP HHpvah9+TtZHgYkf96z2N4EVriLwQTjNz9MFLP2/qdN1YcOrjya1WJmGbcHCgV4f wkXLwNMBMAaz2JWbmwZwHAretaJW+l+qcHGEKSfBiIn9avHChIhApG+pnuuRfOfu es/barFrBheEU5jlHNcjy7qByGOncQmnHvaAvew3nAflQVinoy+TrpMSY4gIwyJT 9qNn74E0VwxkI9OsIXmLJd9OxMxv4miDkeFXb3mRHKtK5LcytzSlHSIv3ySwwmAH n/TuZ76D5QGm6e49zScbvrfzBReJAcFVEfWh9dl8TjaFUOyyoBzKOZAt/x7l9yXz Sb9feRJKFCjUZAgKtiB3gMS7eE0x0yQigvRLTKM9W27qX0dXB8FqXgIcajz3RNu3 ZQ7PTO9FxkuXR5Ub/Lrx+j1NGKhbH5IizbR/fux1+9T5DH0E69aFJ63uNgpTbsUm FJNMylIlIyvbSn8NHqOMkhl5pdbdEPAGe792f0KQmF/LNlO5ivc2pboMdNE/rnb9 mqsklI9ROsswMY7lXNpAlKT4PqktxXFE37Mev3CbYXyOyfzzJtBwwz9cZkFOBx1X lUgpdC1UYqUZ3yNibsnw =y/C2 -----END PGP SIGNATURE-----
