Not OP, but I sense perhaps a limitation of HN; articles with comments where the <i>comment</i> is the submission get conflated with submissions about the article itself.<p>(EDIT: the submission's URL has now been changed from a particular reddit comment at <a href="https://www.reddit.com/r/crypto/comments/5m0zpo/moxie_marlinspike_receives_rwc_levchin_price_2017/dc11s2h/?sh=c7c0de08&st=IXZ2E3ZY" rel="nofollow">https://www.reddit.com/r/crypto/comments/5m0zpo/moxie_marlin...</a> to a different announcement about the prize. The rest of my post as it originally stood follows.)<p>Reproducing the subject matter of the submission for discussion's sake:<p><i>dionyziz says:</i><p><i>I think Moxie decided not to be recorded for his acceptance speech. He said something very nice during his speech however, and I'll try to phrase it like he did:<p>If you watch videos of politicians giving speeches in the 1930's, you observe the fascist leaders who gladly accept an applause from the audience because they have earned it. They feel they are responsible for it, that they are the creators of history. On the contrary, if you observe a communist leader, they will applaud with the audience in every chance. This is because they have a different belief system, that of historical materialism, that history is a force of its own, unstoppable and inevitable, that drives what is happening in the world equipped with the momentum of what has happened in the past. These leaders feel they are simply the bearer of history, the tool that history chose to run its course, so they applaud together with the audience for history.<p>Similarly, today, we have a similar force, and that is technology. I once had the chance to meet Mark Zuckerberg. When I met him, a thought occurred to me: I could, right there... kill him. [audience laughs] I never thought I would get so close. But would that really change anything? Us technologists are the bearers of technological momentum. We make things happen, because the time has come for them to happen. And now is the time for strong encryption and crypto.<p>[audience applauds together with Moxie]</i>
Moxie Marlinspike and Trevor Perrin. Most of the novel cryptography in Signal Protocol is Trevor's; it's good for people to know who he is.<p>Reprising a previous thread:<p>The prizes went to Joan Daemen, for AES and SHA-3 (on stage, Levchin pointed out that his interest in cryptography had been piqued by a xeroxed copy of DES when he was in school, and that it was an honor to present an award to one of the people who replaced the DES), and --- more notably, I think --- to Moxie Marlinspike and Trevor Perrin for their work on Signal.<p>Last year's winners were Phil Rogaway (a cryptographer of repute comparable to that of Daemen) and the miTLS team (of Triple Handshake, SMACK, FREAK, Logjam, and SLOTH fame).
Mods: a more appropriate title is "Moxie Marlinspike and Trevor Perrin win 2017 RWC Levchin Prize for Signal", and a more appropriate link would be to pretty much anything but an individual Reddit comment; how about this one?<p><a href="https://www.linkedin.com/pulse/2017-levchin-prize-real-world-cryptography-max-levchin" rel="nofollow">https://www.linkedin.com/pulse/2017-levchin-prize-real-world...</a>
While applauding the stated mission of Open Whisper Systems to make cryptography usable by large numbers of people I think it is fair to hold Moxie & Co. to the same high standards to which they held PGP: <a href="https://moxie.org/blog/gpg-and-me/" rel="nofollow">https://moxie.org/blog/gpg-and-me/</a><p><pre><code> The journalists who depend on it struggle with it
and often mess up (“I send you the private key to
communicate privately, right?”), the activists who
use it do so relatively sparingly (“wait, this thing
wants my finger print?”), and no other sane person
is willing to use it by default. Even the projects
that attempt to use it as a dependency struggle.
</code></pre>
Breaking this up into constituent parts and trying to guess whether those standards are met seems to leave us somewhere in this territory:<p>1) Journalists communicating with WhatsApp struggle with it and mess up.<p>Given the confusion around under what circumstances one can communicate securely with WhatsApp ("Is it OK if I have two checkmarks? Is it OK because Facebook would never let a government have access to the RedPhone part?")<p>2) Activists who use WhatsApp do so relatively sparingly. I have no idea on this one. I hope they're using Signal and/or GPG with all their attendant bother, complexity and confusion though.<p>3) No other sane person is willing to use WhatsApp by default. Hmmm.. more confusing value judgements. Is someone that uses a communication method open to abuse by corporations and governments "sane"?<p>4) Dependency struggle. AFAICS no other projects can piggy-back off WhatsApp because it's proprietary and closed. So the user base can't scratch their own itches. OK, so what about Signal? Sounds like the dependency on Google Cloud Messages and Play Services can be hacked around with great difficulty.<p>I dunno. Fair play to Moxie and Perrin for what they've done, but so far GPG looks like a better bet for actual secure end-to-end communication, using an already existing, widespread distribution mechanism which is widespread and redundant: email.<p>Reports of GPG's death may have been grossly exaggerated.