Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

How about a BCP saying conforming implementations of a wide variety of security-area RFCs MUST be open-source?

*ducks*


On Fri, Sep 6, 2013 at 2:34 PM, David Conrad <drc@xxxxxxxxxxxxxxx> wrote:
On Sep 6, 2013, at 2:06 PM, Måns Nilsson <mansaxel@xxxxxxxxxxxxxxxx> wrote:
>> Right, because there's no way the NSA could ever pwn the DNS root key.
> It is probably easier for NSA or similar agencies in other countries
> to coerce X.509 root CA providers that operate on a competitive market
> than fooling the entire international DNS black helicopter cabal.

Probably the wrong place to apply the paranoia. How much do you trust that the AEP Keyper HSM tamperproof black box hasn't had a backdoor installed into it at the factory?

> Audit and open source seem to be good starting points.

Where feasible, sure. Unfortunately, the rabbit hole is deep. How many billions of transistors are there in commodity chips these days?

Regards,
-drc


