Bringing Tahoe ideas to HTTP

James A. Donald jamesd at
Tue Sep 15 19:12:37 EDT 2009

Ivan Krsti  wrote:
> What you're proposing amounts to a great deal of complex and complicated 
> cryptography. If it were implemented tomorrow, it would take years for 
> the most serious of implementation errors to get weeded out, and some 
> years thereafter for proper interoperability in corner cases. In the 
> meantime, mobile device makers would track you down for the express 
> purpose of breaking into your house at night to pee in your Cheerios, as 
> retaliation for making them explain to their customers why their mobile 
> web browsing is either half the speed it used to be, or not as secure as 
> on the desktop, with no particularly explicable upside.

The ideas used in Tahoe are useful tools that can be used to solve 
important problems.

It is true that just dumping them on end users and hoping that end users 
will use them correctly to solve important problems will fail

It is our job to apply these tools, not the end user's job, the hard 
part being user interface architecture, rather than cryptography protocols.

Yurls are one example of an idea for a user interface wrapping
Tahoe like methods to solve useful problems.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list