Nico said:
For me OS is not about anti-PM, or at least not mainly anti-PM. See below.
[BA] I agree - but IMHO it would be useful if we were clear about this in
problem statement documents.
Therefore OS can go a long distance relative to criminals in many situations.
[BA] We certainly do have a problem with criminals targeting payment networks
to great effect. However, given the urgency and potential deployment lags, is
OS the most timely potential response to that problem?
Sovereign powers will be able to build active PM systems, no doubt.
[BA] In many cases (and certainly in the case of virtually all oppressive
regimes), major portions of the Internet infrastructure are under control of
the state. So if the issue is oppressive regimes (and protection of
dissidents), something considerably more comprehensive than OS is needed (e.g.
more along the lines of Tor).
[nico] But if the end-state for OS is something like DANE
[Huitema] It is also fairly easy for OS conscious applications to use channel
binding schemes and detect the MITM.
[BA] If we are talking about DANE and channel binding schemes, aren't we out of
the realm of "unauthenticated" opportunistic encryption?
[IanG] "Agreed on both points. And this is a big win. Because then we know
what they are doing and can provide evidence."
[Ted] This won't help in a totalitarian regime, certainly, but in democratic
societies having law enforcement agencies engaging in mass,
surreptitious surveillance might be less likely to be tolerated.
[BA] AFAIK, the surveillance budget is not a matter of public record in most
nations of the world. And as far as "toleration" in democratic societies is
concerned, are there democratic societies in which there are comprehensive
reform proposals that have a good chance of passage? Just wondered if I was
missing something.