On Fri, Nov 15, 2013 at 03:28:38PM -0300, hellekin wrote:
> *** We need to distinguish two vectors in our working group.
>
> One is the hardcore P2P "next generation" that focuses on GNUnet and
> peer-to-peer solutions ; and the other is the "transitional" that
> focuses on how to go from here to there, including contemplating
> alternate paths, such as patching hopeless protocols, or seeking to
> reform the existing nightmarish hell of a reality.

No, we don't need to make that distinction. At the last meeting there was a clear majority who only wants to get something solid off the ground and doesn't care for legacy patchwork. Since there are dozens of projects oriented on writing yet another easy UI for PGP, there is no need to disturb this project with it.

> I urge to stop entirely with this anti-whatever discourse: we have
> nothing to justify, nothing to fear, and we can't do much about other
> people's decisions, but to bring them better alternatives.

It's not anti-whatever but anti pro-whatever. Like if someone comes here to sell open standards, the web browser or XMPP as a part of the solution to our challenge. If we don't place clear limits to how much humbug this working group can take it becomes distracting, confusing and derailing from the plan. The job is complicated enough, we don't have the time to discuss the broken pieces, too.

> If you cannot convince someone to join forces, repeating how bad their
> choices are probably won't help convince them.

We can patiently explain why we aren't doing things the way they think should be done. If that doesn't help, they can come back four years later when they learned the lesson. Has happened so many times before, it's nothing new.

> That's especially
> important as while you're complaining, they're working. And when they
> show their product, users go there, and then you can't tell users:
> wait! Wait! That is wrong! On the other hand, showing examples of
> things you can do with your solution, that you cannot with another--or
> not even considering it: showing what's possible and how to get
> started doing it, then yes, you get people working with you. That's
> the hard part.

Yes, all brilliant. With PSYC we've been doing things XMPP couldn't do - and still nothing changed. People stick to the "open standard" even if it doesn't work.

> >> that trojan horse called WebRTC which comes equipped with MITM
> >> capabilities and missed the chance to at least mandate pinning.
> >
> > Such decisions are not immutable.
> >
> *** Indeed, that could be an interested channel for aggressiveness.

The W3C recommends certificate pinning, yet Firefox doesn't do it and you have to install Certificate Patrol by hand - and there are even sucky websites that produce false positives all the time. Under these preconditions you want to convince Google and Mozilla to pin down DTLS identities? The whole architecture is so super programmable, the browser wouldn't even know which ones are important and which ones aren't. Also, if Facebook wants to MITM your WebRTC video phone call, it simply sends you a new identity for that person. How would the browser possibly be able to figure out, that its user is being tricked? Hopeless.. if Mallory wants to record all those WebRTC sessions, it will be able to.. and even WebRTC devs will not be able to figure it out, unless they are working for Facebook or Google.

> *** That is precisely why Snowden defected: for such illegal things
> not to be able to happen. Now, I understand your position, to help

I don't see much progress in people comprehending what needs to be done to actually cut out the middle man. I still have to discuss basic mistakes day-in day-out.

> build technology that will prevent such abuse. But you're still
> fighting reality if you consider that question seriously. "They broke
> the Internet. We're building a GNU one." One where such blackmail
> over vendors is not worthy. We're not looking for absolute, we're
> looking for enough.

Blackmail? Just assessing the situation. A GNU Internet stack is barely enough. SMTP, the web, WebRTC, XMPP.. is not. There must be at least one no-BS working group on earth.
