This part of the discussion has strayed a bit far from the politics of encryption. ;-)
Not that it doesn't have value, but if I can bring it back on-topic for a moment…
The gist of the HTTPS issues is that it's simply not an engineering discussion,
it's a political one. The abuses recently revealed in the United States is either
orthogonal to the issue of the politics of encryption (in that HTTPS encryption in China,
Iran, and the future is in discussion), or is the direct salient (in that it is a prime
motivator for accelerating HTTPS rollout which has triggered this issue).
I, for one, would like to see the discussion of what to do. I'm of the believe that
there is no simple engineering decision without introducing practical, political, legal,
and moral complications. I suspect that even the more clever or complex ones also
introduce these issues. It's important to outline what our choices are and the
consequences of those choices, and derive consensus on what the right choice is going
forward, as it is clear what we have now[1] is a temporary band-aid.[2]
I'm less sanguine about Erik's suggestion that creating a deadline to
HTTP-canonical will actually get us to an adequate resolution. The reason is
simply—whatever I think of Google personally—I feel Google has a highly-capable,
highly-motivated, engineering-driven staff, and they were unable to come up with a
workable solution. Unlike Google, we have a clear sense about what motivates us[3], so we
need to figure out how best to get there/interpret it.
[1]:
http://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedi…
[2]: Maybe start an RfC or other wiki page on Meta with a summary of the discussion so
far?
[3]:
http://wikimediafoundation.org/wiki/Vision
Take care,
terry
On Sep 3, 2013, at 11:50 AM, Kirill Lokshin <kirill.lokshin(a)gmail.com> wrote:
The thing is, it's kind of a crapshoot anyways.
You might see something that you think might be classified and report it; but, unless you
actually have the corresponding clearance yourself, you have no way of knowing for certain
whether the material is in fact classified in the first place. Conversely, anyone who
does have that information is unlikely to confirm it one way or the other, for obvious
reasons.
To make things even more convoluted, reporting certain kinds of material to the WMF could
itself potentially be considered illegal in some circumstances, since not everyone at the
WMF is considered a "US person" for ITAR purposes.
Kirill
On Sep 3, 2013, at 2:34 PM, "Fred Bauder" <fredbaud(a)fairpoint.net>
wrote:
To be
fair, none of the people receiving requests through legal@ or
emergency@ have security clearances either.
Kirill
True, but there are not so many of them. I'm not sure if a request about
a major matter has ever been made through any channel. In a way, that is
kind of a dumb move.
Fred