1. 35

  2. 14

    Happy to see discussion of the age design. I replied on the age-dev mailing list.


    tl;dr: we seem to disagree on what users should want from age—confidentiality or also authentication—and that would lead not only to different design choices, but to drastically different UXs.

    1. 2

      The writing in this article is so muddled I’m having a hard time figuring out what exactly the author is trying to say. Also makes me doubt I should trust them on the subject. What do our resident crypto experts think?

      1. 2

        How do you even go from “I can’t figure out what author is saying” to “therefore I think I shouldn’t trust them”?

        1. 5

          Inability to express one’s thoughts on a subject in a clear way is a sign of poor grasp of the subject. It would certainly affect my trust in person’s competence. Maybe that’s what GP had in mind writing his post.

          1. 1

            This axiom fails when you’re reading on a complex topic you’re not an expert in. If a scientist versed in the field were commenting on some novel quantum computing idea, chances are I would not be able to understand his comments. That’s an indicator of my abilities, not scientist’s. Requesting that he expressed himself in a way I could understand would be, IDK, lazy? Entitled? I’m not the target and he has no obligation to satisfy my curiosity.

            In this case age’s author was able to grasp and respond to the post we’re discussing so clearly this wasn’t an garbage comment from someone you shouldn’t trust.

            I’m a sample of one and I’m def not in crypto circles but I a) could understand this blog post, b) noticed that Filippo and Neil have different ideas of what scenarios age should cover. Part of this is probably due to spec being outdated at places (something Matthew Green is working on) which explains but doesn’t justify the state of age documentation.

          2. 1

            Hmm, seems I failed to get my point across? But, roughly:

            I’m focusing on the author not expressing their thoughts clearly, not on my failure to understand what they’re saying. (I might be wrong here, of course! Though I think I’m decent at judging whether I don’t understand something primarily because it’s hard, and when it’s because of form of expression.)

            The next step is that I believe that unclear writing goes hand in hand with unclear thinking. I’d rather take my crypto advice from someone who I trust to analyze such problems precisely.

            1. 0

              “The next step is that I believe that unclear writing goes hand in hand with unclear thinking.”

              Sure, just like mess on the desk indicates mess in the head. Good thing that my desk is clean.

              Seriously though, this is not how things work. I’d take well written tech book over a convoluted one, sure, but extrapolating the quality of writing to the quality of thought is just wrong. I’d go with an example but the only one that comes to my mind right now violates Godwin’s law.

              1. 1

                Sure, just like mess on the desk indicates mess in the head. Good thing that my desk is clean.

                Come on, really?

                Here’s a good article that was shared here recently on the importance of writing and its intimate relationship to thinking: It’s time to start writing. (As a side note, if we accept this, this might be where non-native speakers are most disadvantaged given the dominance of English in tech and elsewhere.)

                And yes, this is how it works, at least for me: I apply a variety of filters that determine how I value things I read (and how much effort I put into making sense of them). For example, an article might get a bonus if it’s posted here compared to somewhere I deem to have a lower signal-to-noise ratio; or if it gets upvoted; or someone posts an interesting comment… And writing style is one of the factors. Experience tells me it’s a useful indicator.

                Of course I’m open to putting in the effort if other factors convince me that there’s something there. Which is part of the motivation for my original comment: My aim was not to disparage the author’s writing style, but primarily to invite other readers to change my initial judgement. Secondarily, to express that I believe writing style is important, in the hope of encouraging others to focus on this, too. I don’t want to attack the author, nor am I trying to provoke reactions like yours, but I’m willing to risk those.

                1. 1

                  I’m not disagreeing that for many of us writing things down (and rewriting them multiple times) helps in organizing mental model of something. But that doesn’t mean that disorganized writing indicates chaotic or otherwise wrong mental model. This is your initial implication and it is as wrong now as it was back then.

                  Implication (p->q) can’t be used to prove conversion (!p->!q) but it can be used to prove contraposition (!q->!p). It’s fair to say that if you don’t have the right mental model you can’t explain something clearly. But you can’t say that inability to explain something (in writing or otherwise) indicates unclear thinking. Or I should say: sure you can do that, it’s just not true.

        2. 0

          I think the big takeaway is that more people need to be aware that even where cryptography primitives are composable, their security guarantees are not. It’s time we started getting as serious on not reimplementing cryptography applications as well as algorithms (a la NaCl).