[Freedombox-discuss] Using more than one security scheme

Abhishek Dasgupta abhidg at gmail.com
Mon Jul 11 05:41:42 UTC 2011


On 11 July 2011 05:16, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
[...]
> I actually agree that best-effort approaches can be a reasonable part of
> a good crypto toolkit, but the willingness to accept a downgrade needs
> to reside in the toolkit policy, and the policy needs to be both
> comprehensible to and controlled by the user.  That is, if there's a
> message that i would rather fail to get through than potentially leak, i
> should be able to say "no downgrades on this communication, please".
> Alternately, for a message that i don't really care about
> confidentiality at all (e.g. i expect it to be public anyway), i ought
> to be able to say "downgrades are OK".
>
> The UI challenge here is not an easy one.  And it's even harder if you
> want to cover situations more nuanced than the two extreme examples i
> gave above.
>

Why not have 'protected' mode = downgrades are not OK by default? If
the message fails to pass, then the option could be given to make it
OK not to downgrade. Also, like in Google+ circles, a user has to
choose how much they want to share; it is just as simple as clicking a
button before sharing.

Abhishek
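
The policy discussed in this thread, sketched as an added example (not code from the thread or from FreedomBox): a per-message default of "protected" that fails closed, with a downgrade possible only after an explicit user confirmation. The scheme names, `choose_scheme`, `send` and the `confirm_downgrade` callback are hypothetical names chosen for illustration.

```python
from enum import Enum

class Policy(Enum):
    PROTECTED = "protected"      # default: fail rather than downgrade
    BEST_EFFORT = "best-effort"  # downgrades are OK for this message

# Constructed scheme names, strongest first; not from any real toolkit.
RANKING = ["end-to-end", "transport-only", "cleartext"]

class DowngradeRefused(Exception):
    """Raised instead of silently sending under a weaker scheme."""
    def __init__(self, wanted, fallback):
        super().__init__(f"{wanted} unavailable; refusing fallback to {fallback}")
        self.wanted, self.fallback = wanted, fallback

def choose_scheme(wanted, peer_supports, policy=Policy.PROTECTED):
    """Pick the scheme for one message under the user's policy."""
    if wanted in peer_supports:
        return wanted
    # Only schemes weaker than `wanted` count as a fallback.
    weaker = [s for s in RANKING[RANKING.index(wanted) + 1:] if s in peer_supports]
    if not weaker:
        raise LookupError("no common scheme with peer")
    if policy is Policy.PROTECTED:
        raise DowngradeRefused(wanted, weaker[0])
    return weaker[0]

def send(message, wanted, peer_supports, confirm_downgrade=lambda err: False):
    """Try protected first; downgrade only if the user explicitly confirms.

    Returns (scheme_used, delivered). `confirm_downgrade` stands in for the
    UI prompt; actual transmission of `message` is outside this sketch.
    """
    try:
        scheme = choose_scheme(wanted, peer_supports)
    except DowngradeRefused as err:
        if not confirm_downgrade(err):
            return (None, False)  # fail closed: nothing is sent
        scheme = choose_scheme(wanted, peer_supports, Policy.BEST_EFFORT)
    return (scheme, True)
```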