I wish there were a better way to implement a one-time pad from the browser to the server and vice versa.

SSL is great and all but we're really just ultimately trusting our OS, browser, and server to do all of our trusting for us. Granted, this has worked out okay so far, but as computers increase in availability and power, it seems like we should stop "trusting math" at some point, and move on to something much more versatile and portable.

This would be one of those really great problems to work on. It certainly is fun to think about.

I have often thought there should be a good way to implement PGP (GPG if you're cool and open source). In a much more ubiquitous way, maybe when you purchase a phone or log in to your OS it can help you set up a certificate that you can use and from there you can use that certificate to help secure your usage. But even that would require a trust chain.

----- Different tangent -----

I feel like one of the real reasons Google is being so gung ho about SSL isn't so much about security. I am a huge fan of Google, but if we're being honest they want money. The way they get money is through advertising. Being able to tell advertisers "Person x went to your site because of reason y with 99.99% certainty" would be very valuable and having SSL working as a trusted intermediary is a cheap way of implementing such a solution. This might also be completely bullshit as they've implemented a PGP client in the browser which would certainly take away from being able to data-mine email.

posted by mk: 1590 days ago