Things are slowly coming out about what happened a month ago in New York City, and my initial questions still go unanswered. Many excuses are being spun but very few answers are given freely, and this is really disappointing coming from the Mozilla guys.
Mozilla touts, like many open source projects, that being open and free is a major benefit to society, yet they then have the hide to turn round and conspire with commercial interests behind closed doors for what we’re being told will be the benefit of the internet.
I’m not sure about anyone else, but my memory isn’t so bad that I’ve forgotten how US commercial interests don’t do anything unless it will affect their bottom line, either for increased profits, or because of regulatory disputes that threaten fines or other restrictions that will hurt their bottom line. This is highlighted only too well in the current SPF vs Sender ID debate. Microsoft as usual came in late to the game thinking, “we’ve missed another boat, what the hell do we do now?”. What they came up with was a small variation of SPF, and then they turned round and requested a patent on their “innovation”!
Microsoft then did what Microsoft always does: turned round and tried to inflict their “invention” on us. It was no olive branch; it was a thorny stem with no rose on the end. Basically they have tried, and are still trying, to take control of email via a patented invention that does very little more than what SPF does; in fact they are still trying to push through their “invention” by brute force. Since the MADRID task force collapsed due to lack of consensus, Microsoft has a solution lacking mass adoption, so they are planning to mark as junk any email sent to their domains that doesn’t support (or properly support) Sender ID.
So anyway, back to the current story: basically Mozilla hasn’t learnt from history, and they actually think they will be able to do more good than harm from closed door talks than what happened with MADRID. I doubt anyone will claim the internet could be where it is without open standards and the open discussions preceding them. Hell, CAcert thrives based on open discussions; there are a lot of smart people out there with a lot of good ideas and we’d be mad to simply ignore them.
However, this is exactly what the Mozilla guys have done, and in the process alienated a lot of smart specialists in the area they are trying to define. The end result will be that we all suffer, and a very good example of where this has happened in the past is Wifi security (this is after all how CAcert began: bad Wifi security needing something else to protect information). Basically cryptography experts weren’t consulted openly and we ended up with something that is basically a waste of time and can be cracked in minutes, so tell me how those closed door talks helped society exactly.
Ian from FinancialCryptography has some more information on the topic on his blog as well, which is well worth the read. https://www.financialcryptography.com/mt/archives/000514.html
Duane, this is a bit socialist! The purpose of commercial entities is commerce; and if Mozilla were to think of itself as a commercial entity then there would be no issue here. In fact they are most of the way there already as they already take money for advertising interests – details not being clear but something to do with Google sponsorship. They need to do more to reveal that situation.
The problem with this is that the users’ interests are somewhat lost in this half-in half-out dance. A commercial company has the users’ interests fairly well directed as users just stop paying. This means that the organisation has at least one way to determine when things aren’t delivering value to users.
Open source operations don’t have that feedback metric. So the users have no way to reward or punish the organisation. So the organisation doesn’t know when it is doing good or wrong, except by downloads which is a real poor metric.
The issue here is that Mozilla may be substituting the judgement of other commercial interests for their own users’ interests. That’s a bit perverse, and it *might* work out. Funnily enough, Frank Hecker posted on FC that what the commercial interests are asking for is what we, the users, have been asking for the last couple of years, so if that goes through well and good.
But it might not work out. What’s the answer? These aren’t easy questions, and it is very easy to get it wrong. It’s going to take months or years to sort this out, so best bet is to leave them to get on with it. Meanwhile, what about phishing? What’s CAcert’s posture towards toolbars?
I’ve previously commented about the Netcraft tool bar, and while not illegal, I have grave reservations about handing over all my browsing history in real time to anyone. Good idea in theory, but big privacy problems in reality.
For other tool bars, I think they are a good idea, but you have trouble getting people to actually download them, after all, most/all plugins have complete access to your browser and this is a HUGE leap of faith on the part of the end user, although I doubt this risk is very well pointed out, nor does the browser have any mechanism to lock down what plugins can and can’t do, so often security people won’t install anything else.
One way round the current impasse would be for someone to rebuild one of the open source browsers with the code already hacked in, but this will of course involve a lot of work as well, no easy solution.
As for your comments on Mozilla, while I can see where you’re coming from, I also think you are overly optimistic about the situation, or perhaps I’m a little jaded by the past and can’t see how anything good will come from this without pushing from others with a lot of experience in this area that are currently being ignored.
Rinse and Repeat.
That’s MARID, not MADRID. Mailer Authorization Records in DNS.