There is a lot of fear that any real enforcement of Do Not Track might end up destroying the revenue model for the Web economy. I don’t think we are likely to see enforcement in any form anytime soon.
eryone would just continue to be stuck
with the same old mess as before.
GN-N: How would that actually work?
JG: CAs would be converted into notaries, and then the browser user would choose which notaries to trust. If any of those notaries were to become untrustworthy for any reason, the user could easily remove the trust indicated for that particular notary. That’s very important because in the current CA model it’s very difficult—if not impossible—to withdraw trust from any one CA without breaking the Web, which makes things very challenging.
One of the major criticisms [computer security researcher] Moxie Marlinspike (a pseudonym) has raised about the CA model has to do with this lack of trust agility. That is, whomever we decide to trust, we’re then obliged to trust forever. Still, Moxie and the team responsible for introducing the Convergence plugin say they have taken the idea about as far as they can, and the browser vendors now need to take it the rest of the way, but the browser vendors seem pretty disinterested.
GN-N: The biggest problem with the Convergence model is that it trusts the user to do the right thing, but most users will just do whatever they’re told.
JG: Maybe this is naive on my part, but I think users have a pretty good idea of whom they trust and whom they would like to trust and whom they know they’re not about to trust.