[messaging] Proposal: AOL should start offering free SSL Certificates

Tao Effect contact at taoeffect.com
Mon Aug 18 20:50:38 PDT 2014

On Aug 18, 2014, at 8:33 PM, Tao Effect <contact at taoeffect.com> wrote:

> Please point out this "marketing spiel" so I can stop doing it.

Trevor's comments upset me very much. Being accused of spamming a list does not feel good. I asked for an explanation and waited, and when non arrived I only felt worse, so I decided to politely ask Trevor off-list for an explanation.

He replied, and after some back and forth it became clear that he did not read the links in my emails and decided that they contained "no technical content".

Maybe my style of writing or my way of speaking is to blame for this. I asked Trevor to reply publicly on the list but he decided not to, so in case anyone else on this list shared the same concerns as Trevor did, I'll address them publicly here, if not to give closure to this thread, then at least so that others know which of my comments specifically elicited this reaction from Trevor (and perhaps others who chose not to publicly reply).

Here are the items he felt were spammy and the reasons he gave for them:

> You wrote:
> "a near-perfect solution" without explaining the solution

This is untrue, the explanation is clearly linked in the email, and I welcomed questions/concerns:

I believe it is a near-perfect solution to the problems you are outlining, and therefore invite you to read the README:


If you have any concerns about it, I'll do my best to address them.

> "Certificate Transparency does not work" without explaining why

I had linked to detailed explanations. Here's a copy:

Certificate Transparency does not work.
Nor does it perform as advertised. It does not, as it claims, always provide a log of issued certificates and it does not stop MITM attacks:

- http://www.ietf.org/mail-archive/web/trans/current/msg00233.html

- http://okturtles.com/#oktvs

> "non-functioning certificate revocation problem" without explaining
> why it's non-functioning

This is true. I thought this was common knowledge (for this list) so I didn't offer an explanation. The DNSChain readme links to an explanation of this.

It would have saved me emotional pain to have simply been asked for an explanation, instead of being accused of spamming the list.

For the record, here is the relevant explanation that is linked to from the DNSChain readme: https://news.ycombinator.com/item?id=7556909

> "X.509 is fundamentally broken" without explaining why

I did link to an explanation in that same email (to the DNSChain readme).

Here's a video version of that from SOUPS: https://www.youtube.com/watch?v=f3UHd9F-Jm8&hd=1

> "The blockchain is the best known solution" without justification

This is an (educated) opinion based on over a year of researching alternatives, and I did link to a justification (the DNSChain readme).

If that was insufficient, I would've been (and still am) happy to compare the blockchain against any other PKI modification or alternative. Just name it. I've already done this (in part) here:


Finally, Trevor said I was too zealously "flogging" this project. I only mention this as another reason why he felt I was spamming the list. I wish he had told me first off-list first. I did not know he felt this way until he had already publicly declared all my posts as spam. I welcome any pointers on how to avoid giving off this impression.

I apologize not writing longer emails, and for writing in a way that some might have considered spammy. That was never my intention. I am not selling anything. I am just trying to fix a technical problem that impacts the privacy of me and my friends.

A request to Trevor and everyone else on this list: if you *ever* think I am spamming this list, please let me know immediately (off-list preferably), and most helpfully: please directly copy the relevant parts in your email to me so that I can learn how to be a better net citizen.

Greg Slepak

Please do not email me anything that you are not comfortable also sharing with the NSA.

On Aug 18, 2014, at 8:33 PM, Tao Effect <contact at taoeffect.com> wrote:

> On Aug 18, 2014, at 8:29 PM, Trevor Perrin <trevp at trevp.net> wrote:
>> Hi Greg,
>> You're written a long stream of messages today with no technical
>> content, just marketing spiel.  Please don't keep doing that.
> ???
> Please point out this "marketing spiel" so I can stop doing it.
> I had no idea I was giving off that impression.
> I've been linking to technical content and summarizing it. Is the policy to copy/paste it instead?
>> I'll look at your DNSChain / okTurtles website and respond in a
>> separate thread, sometime in the next few days.
> Looking forward to it.
> Kind regards,
> Greg
> --
> Please do not email me anything that you are not comfortable also sharing with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140818/6af9d3fa/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140818/6af9d3fa/attachment.sig>

More information about the Messaging mailing list