----- Original Message -----
From: "Brian Wolff" <bawolff(a)gmail.com>
Thanks for taking the time to write these two emails. You raise an
interesting point about having everything on one domain. I really
don't think that's practical for political reasons (not to mention
technical disruption), but it would allow people to be more lost in
the crowd, especially for small languages. Some of the discussion
about this stuff has taken place on bugzilla. Have you read through
https://bugzilla.wikimedia.org/show_bug.cgi?id=47832 ?
I should think we might be able to run a proxy that would handle such
hiding, no?
Personally I think we need to make a more formal list of who all the
potential threats we could face are, and then expand that list to
include what we would need to do to protect ourselves from the
different types of threats (or which threats we chose not to care
about). Some kid who downloads a firesheep-type program is a very
different type of threat than that of a state agent, and a state agent
that is just trying to do broad spying is different from a state agent
targeting a specific user. Lots of these discussions seem to end up
being: let's do everything to try to protect against everything, which
I don't think is the right mindset, as you can't protect against
everything, and if you don't know what specifically you are trying to
protect against, you end up missing things.
Definitely: the potential attack surfaces need to be explicitly
itemized.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra(a)baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates
http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274