On Tue, Jan 4, 2022 at 11:11 PM Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
On Tue, Jan 4, 2022 at 9:59 PM Christopher Morrow <morrowc.lists@xxxxxxxxx> wrote:On Tue, Jan 4, 2022 at 6:02 PM Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:As for requirements analysis, sure, I have done a lot.great! then you can point to a document? paper? presentation? git repository?I am building an infrastructure that supports every mode of communication.excellent. Requirements though?I circulated them three years ago before I started writing the code.
oh cool, thanks!
Alice meets Bob, they bump phones, they have each other in their contacts catalog.Alice wants to phone Bob, she selects his contact, selects phone and a voice call is set up. Alice wants video, she selects video. Wants to send a short message, long message, 30TB of video, same interaction.Every interaction, secured by end-to-end encryption and authentication.Every interaction, subject to access control driven by the same policy source.sounds nice. This sounds, though, like something a bunch more integrated into the lower levelsof the OS which the user is using on whatever device(s) they are interacting through. Or, it seemsas though putting a bunch of this into the OS and letting 'applications' hook through APIs to enablethis sort of functionality is a direction to look at. Maybe you've already covered that in your
analysis/requirements?Ideally, right into the silicon. And if people start using the Mesh at the application layer, it is designed as a platform, it would be logical to absorb it into the platform layer.I designed the Mesh to make it possible for an application to make use of a HSM built into the device by an untrusted source. Not because Intel/ARM etc. are untrustworthy but because 1) maintaining a trustworthy supply chain is really expensive and 2) even if the US military considers Intel trustworthy, the Chinese military might not.
sure. your point is that: "in the infra, yes" ok :) that makes sense to me as a goal.
I really do think that the partial space you've described would be awesome to have a solution to,I don't think that individual 'applications' are a solution, though, it really does sound like infrastructureand apis which the various applications can take advantage of, seamlessly.I am one person, albeit with extensive resources. In the space of three years I have redesigned the entire application layer of the Internet starting from the proposition 'what if we started from scratch knowing what we know now'. I have running code that passes the unit tests for the initial deployment so we can test it out in something close to the real world.The last time I did something similar was in 1998 when I designed the Trust Assertion XML Infrastructure for VeriSign where they asked 'what would PKI look like if we redesigned it from scratch'. Nobody ever used TAXI but the assertion infrastructure became the A in SAML.
funny, I actually thought taxi was getting pretty decent use in SEIM deployments... or at least 'security event exchange'.
Dream small and you will never do anything of consequence. SMTP and the telephone system are dying. Many, many proprietary walled gardens have been successfully created. The notion that an open system could also succeed in the same way they have succeeded is not 'tilting at windmills', it is the only job that is worth our time here.you seem really fired up, that's great, I think my original question about: "Hey, got requirements?"was really an attempt to get away from the particular 'better than X' and 'y is a fail because!' and somevery over-the-top language, trying to get back to:
"This is the problem(s) I see, here are the things I think we need to do to fix these problems"
instead of the other conversation.The demo reel will cover that.
ok thanks, really.
maybe now less tilting and more progress!
maybe now less tilting and more progress!