Do We Need an Alternative to HTTPS and TLS?

“Do We Need an Alternative to HTTPS and TLS?”  This question came up in the Personal Clouds list recently.  Thanks to the well publicized problems with Certificate Authorities, variations on this question are a common theme among many of the communities in which I participate.  The CA has become the whipping boy for all the ills of authentication and network security.  Let’s just get rid of it, right?  It’s not that simple.

[Read more…]

Names matter more than you might think

Patrick McKenzie’s blog post Falsehoods Programmers Believe About Names raises some interesting questions about online identity.  He writes: “So, as a public service, I’m going to list assumptions your systems probably make about names.  All of these assumptions are wrong.  Try to make less of them next time you write a system which touches names.”

He then provides a 40-point list of ways in which computer systems break human names acknowledges it is an incomplete list, and asks readers to provide additional examples.  The most egregious item on his list, [Read more…]