It's fairly straightforward to uncover someone's financial and public ties to various organizations by looking through public records. But mentioning this possibility among peers is a bit of a conversation killer. No one wants to risk invading the privacy of someone who doesn't deserve it (which is virtually everyone with NIST or IETF).

Incidentally, when I mentioned this to a researcher who grew up in a horribly oppressive society, his response was "Why would you not do this kind of research?" So then I was in the awkward position of explaining that A) most people care about their careers, B) people don't want to invade others' privacy, C) the risk of false-positives is non-zero.

Do I think that people with suspicious financial ties should be outed? Sure. But no one wants to do that. No one wants to be the messenger.

TL;DR: people love handwringing, hate even mild risk.

best,
Griffin

ps: nah, I don't think that the legitimacy of the WebCrypto API is in doubt

Nicolas Bourbaki wrote:
Is this a victory? Has anything been learned from the process? We know that regime changes are meaningless if the means of governance are not also reformed.
In July of 2013 JFC Morfin registered an appeal [1] to the IAB (IETF governing body). He asked the IAB to consider how the concept of a protocol should account for social and ethical requirements. The IAB's response [2] was terse. It showed that these governing bodies lack the means and will to consider how the tools they develop affect people.
We sit in a time where the architect of good citizenry is being increasingly dictated by undemocratic institutions. We are quickly trading space beholden to social contracts of the commons for those built by neo-liberal corporations. The ethics of "the protocol" is dictated by whichever company provides the most coffee and cake for the next workgroup meeting. I think the argument of "GeoIP as a threat to democracy" [3] provides an example rhetoric illustrating why concern for this is so important and why perhaps a witch hunt within the IETF is in order.
1. http://www.iab.org/wp-content/IAB-uploads/2013/07/appeal-morfin-2013-07-08.p...
2. https://www.ietf.org/mail-archive/web/ietf-announce/current/msg11697.html
3. https://cpunks.org/pipermail/cypherpunks/2014-July/005037.html
On 23/10/2014 20:30, odinn wrote:
As a (hopefully final) note to this particular issue, please note the resolution at:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839#c64
The NSA co-chair is resigning, and it appears the Working Groups are moving ahead without the involvement of that co-chair, for example:
(see comments 61 and 62 at)
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618#c61
Cheers,
-Odinn
-- "I believe that usability is a security concern; systems that do not pay close attention to the human interaction factors involved risk failing to provide security by failing to attract users." ~Len Sassaman