The ever humble #VintCerf talks about three mistakes he made when playing a crucial role in creating the #Internet's key protocols. https://spectrum.ieee.org/vint-cerf-mistakes
Conversation
Notices
-
Embed this notice
David Weinberger (dweinberger@mastodon.social)'s status on Tuesday, 09-May-2023 23:14:57 JST 
David Weinberger
-
Embed this notice
Sexy Moon (moon@shitposter.club)'s status on Tuesday, 09-May-2023 23:20:53 JST 
Sexy Moon
@dweinberger > I still don’t regret that, because graduate students, who were largely the people building and using the Internet, would be the last cohort of people I would rely on to maintain key discipline
yikes! -
Embed this notice
feld (feld@bikeshed.party)'s status on Tuesday, 09-May-2023 23:20:53 JST 
feld
I had to read the article to see he was talking about *private key disipline* in cryptography as the quote was confusing -
Embed this notice
Sexy Moon (moon@shitposter.club)'s status on Tuesday, 09-May-2023 23:29:59 JST
Sexy Moon
@feld @dweinberger I don't blame him for not incorporating brand-new, basically untested key tech. maybe his thing about key discipline was meant in jest but it comes across really jerky. -
Embed this notice
feld (feld@bikeshed.party)'s status on Tuesday, 09-May-2023 23:29:59 JST
feld
i dunno man, we're talking about a time when Stallmann would remove the root password because sharing is caring
these people had no concept of opsec -
Embed this notice
Pete Zaitcev (zaitcev@shitposter.club)'s status on Wednesday, 10-May-2023 00:27:42 JST 
Pete Zaitcev
@Moon @feld @dweinberger Have you ever been to a PGP key signing party, man? The horror. -
Embed this notice
feld (feld@bikeshed.party)'s status on Wednesday, 10-May-2023 00:27:42 JST
feld
I've been involved in them @ FreeBSD conferences so the devs could get signatures on their keys. We required you bring a passport for verification of your identity in case someone was masquerading as a dev. But that was also a little odd because the dev team isn't huge and we pretty much know everyone -
Embed this notice
feld (feld@bikeshed.party)'s status on Wednesday, 10-May-2023 01:30:14 JST
feld
If encryption was part of the protocol in any way the web would not have blown up the way it did. Progress would have been stifled longer I think due to legal issues with encryption. -
Embed this notice
That Would Be Telling (thatwouldbetelling@shitposter.club)'s status on Wednesday, 10-May-2023 01:30:15 JST 
That Would Be Telling
@feld @dweinberger @Moon Addressing the “mistakes” one by one: IP had to run on the small minicomputers used by the APARNET, which is one reason Cerf couldn’t sell bigger keys than 32 bit. It was certainly realized by the early 1980s that wasn’t going to be enough.
He’s absolutely right about key discipline. Incorporating anything more than checksumming at the IP and TCP levels was a non-starter at the time and to this day, see how one of the new crypto crowd social media things has people posting their private keys or so I heard.
RSA is also very expensive, involves manipulating huge integers. There’s also a political dimension that made all that extremely radioactive and incorporating it would have probably prevented it from being a success.
Third of not anticipating how big what eventually was developed as the world wide web was not a mistake, nor was something that had any relevance to IP and TCP except they needed to be very good. Which they were and still are.
-
Embed this notice
feld (feld@bikeshed.party)'s status on Wednesday, 10-May-2023 01:31:03 JST
feld
> official fake government IDs
amazing -
Embed this notice
Sexy Moon (moon@shitposter.club)'s status on Wednesday, 10-May-2023 01:31:04 JST
Sexy Moon
@feld @dweinberger @zaitcev you are absolutely supposed to check government id or you are doing it wrong. -
Embed this notice
Pete Zaitcev (zaitcev@shitposter.club)'s status on Wednesday, 10-May-2023 01:31:04 JST
Pete Zaitcev
@Moon @feld @dweinberger Apropos that, I have a friend, who gets issued official fake government IDs due to the nature of this work. And so, one day, he came to the DMV as usual to get his fake driver licence, and they told him that he now has to have a fake 2nd ID, although a fake SS card works. He had to go to his supervisors and than get SSA petitioned to mint him a fake card, then go get it, come back to the DMV and submit all the papers for the fake DL. The bureaucracy is just getting worse every year. The root cause of it was the Congress passed some law or the other called "Real ID". It stipulated that all IDs, including fake ones, must be backed by 2 other IDs. So if you want to have a fake Real ID compliant ID, you have to preset 2 IDs, which can be fake of course. The only remaining upside of this, aside from needing fake IDs for life safety, is the opportunity to get creative with assumed names.
-
Embed this notice
All GNU social JP content and data are available under the