The part you're missing is that Bitcoin is totally fine if it never changed from how it is today. Anonymity will come via Tumblebit. Lightning network can already work even without segwit.
Segwit never getting activated may even be a good thing. It will show everyone that Bitcoin has crystalized and can never be changed via petty human emotion. This was always Bitcoin's true selling point and we may be about to demonstrate it.
Yes that's the issue here, the miners are playing politics by trying to flex their power. But no one is willing to play petty games. There's an obvious win for everyone sitting on the table ready to go. Political games will be ignored.
You can play semantical games but segwit gives about 2x onchain capacity. And the only thing holding it up is a group of chinese miners/pools. Anyone truly wanting more onchain capacity should be engaging those miners/pools.
Of course that's not really what people bitching about tx fees want.
Segwit requires 95% of miners to activate. Currently about 75% of hash power is controlled by a group of chinese miners/pools. This is about the % of hashing power that is missing for Segwit to activate.
If Eric was serious about this he would have targeted this post at chinese miners who are stalling on activating segwit (which is a 2x blocksize increase and the foundation for instant & nearly free txs via the Lightning Network).
Shares are valued by people based on three things. Future direct cash you receive from the company based on the shares you hold (e.g. dividends/distributions and share buybacks). Voting power (i.e. control) in the company based on the shares you hold. And finally the ability to sell the shares you hold on the open market in the future (i.e. price speculation). Issuing more shares (usually) directly affects (i.e. dilutes) #1 and #2. But #3 is not directly affected in any way.
Yes I get that, I think there is a new DH for almost every message, much better than TLS. The problem is we have no idea what the NSAs abilities are in terms of actual cryptanalysis/cracking, but we do know that they have an immense desire for it.
RFC 3526 puts the low end of the 1536 bit group's strength at 90 bits. If some unknown weakness was found that lowers that significantly that doesn't leave things very safe.
I believe the weakest link in OTR is its Diffie-Helman key exchange. If you break that you get the symmetric key and can decrypt everything passively. OTR has been using a 1536 bit modulus for its Diffie-Helman exchange since 2004 [1] (The weakest one from RFC 3526 [2]). Seems they are still using the same one today.
In 2004 this was probably a fine choice, especially considering the tradeoff between CPU processing (usability) and security. But considering the NSA scandal, specifically them recording all encrypted communications forever, and Bruce Schneier increasing his key lengths [3], and the ability for CPUs to process higher keylengths without any noticeable slowdown, I don't feel confident it is strong enough today.
Other than this gripe OTR is amazing and everyone should be using it.
Edit: xnyhps's post [4] concludes that only a single "cracking" of the 1536 bit group would need to occur to then decrypt any past or future OTR conversation "instantly".
All the supported curves in TLS are most likely influenced by the US government (NIST, ANSI, and SECG). So we don't really have an option to use curves with a non-US provenance.
No, the DHE/ECDHE (ephemeral key exchanges) don't protect against MITM, it protects against passive dragnet decryption. But the RSA/ECDSA/DSS part (certificate signing) does. All TLS ciphersuites include certificate signing to protect against MITM, but not all include ephemeral key exchange.
TLS_RSA_WITH_AES_256_CBC_SHA256 is not forward secret (if you have the certificate private key you can passively decrypt all past/future sessions) so removing it is a great idea. I'm only responding to what you said and not making a judgement about the rest of the guy's suggestions.