[jdev] manifesto 0.4

Alexander Holler holler at ahsoftware.de
Thu Nov 7 23:13:14 UTC 2013 

Am 07.11.2013 23:36, schrieb Marco Cirillo:
> Il 07/11/2013 22:20, Alexander Holler ha scritto:
>> I nevery said I don't want that my communication is secret and I never
>> said that I don't care about security. I just have said that I don't
>> care if the communication I do through XMPP on my little server uses
>> strong encryption. And no word about security.
> That's legit to not care, but ultimately the manifesto is about caring...
>> And that doesn't mean that I don't care about my privacy, in fact a
>> care a lot, I'm just not that silly to think that I could use XMPP for
>> that whithout P2P encryption. That's a whole different thing than you
>> want to imply.
> Good, but using weak security "channel" wise would mean leaving still
> only one layer and no matter what the main encryption's semantic is that
> it's a reversible process. Perhaps, the "(stronger) more the merrier".

Another which didn't understood.

I just said want to be able to use weak security. It's about having the 
choice.

Maybe because I don't need strong encryption or mabye because I have 
devices which are unable to use strong encryption, maybe because of ...

There might be a lot of reasons why I might not want or why I might be 
unable to use strong encryption on a specific server, device or whatever.

>
> ... I'll avoid commenting the last message, except that as long as your
> server is located in country where there's a state of right and not some
> dictatorship you should not worry about your private keys (because
> that's the *kind* of keys needed after all), or another property of
> yours, for that mean, being handed to someone else "without you noticing".
> Also I ultimately prefer to look at facts, rather than what "seems to
> be" :).

If I do look at the facts, there are those special letters. And if you 
don't have physical control about your server (e.g. if you don't sleep 
besides it), those letters enable some unnamed government to get your 
keys without you noticing it, except if you have secured them by a 
passphrase or similiar you would have to enter whenever you start a 
service. (That means they can e.g. show such a letter to whoever 
physically protects your server and then you are compromised). And those 
letters do compromise all the CAs in that country too. And it doesn't 
help me, if that country isn't a dictorship when that country feels free 
to handle everyone from the outside like a possible terrorist, outlaw or 
human without rights.

Anyway, now it's really enough. I feel like I've ended up in a 
kindergarten with a lot of people which seem to have become angry 
because I did say something against a small part of their toy and which 
do prefer to play the three monkeys and which like to turn my words in 
my mouth into something I never said.

Sorry to the serious people which do read this list, you aren't meant.

Alexander Holler

More information about the JDev mailing list