On 04/27/2014 10:33 AM, Ben Laurie wrote:
http://www.links.org/files/SimplySecure.pdf
Ben, As noble as the goals are of this initiative, the solution is likely to be accepted only in UK and the USA - only because it appears that the people behind this effort are from those two countries. Given Snowden's revelations, why should anyone outside these two countries trust anything crypto emanating from the US & UK? If we really want to see a universal crypto-protocol that works across the internet, the team that designs it must have representation from the US/UK's allies and enemies. If there are weaknesses in the design, then everyone stands to lose (and hopefully, the protocol never sees the light of day); if it is strong enough, then everyone is protected. I believe Bruce Schneier wrote that the US has proven itself to be a poor steward of the internet; to that extent if we want (reasonably) universal trust in a new crypto-protocol, its design must have representation from anyone that has a stake in it; anything less will only end up in balkanizing the internet from a crypto perspective. Arshad Noor StrongAuth, Inc. P.S. Note that the solution to the problem cannot merely be a technical one; crypto is a political tool, and in a borderless internet, the solution to the problem must account for the politics of trust. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
