> From: Martin Sustrik <sustrik@xxxxxxxxxx>

> Isn't it the other way round? That exactly because IETF process is open
> it's relatively easy for anyone to secretly introduce a backdoor into a
> protocol?
> ...
> With IETF standard there can very well be several unknown backdoors
> introduced by different parties, so it's never safe.

Iff enough people are _carefully_ reviewing specs, that ought to find all the
backdoors. An open process does have potential issues, but it's also the one
with the best chance of producing a 'good' product.

> That being said, wouldn't it make more sense to admit that IETF is not
> a good platform for devising, say, crypto protocols and act accordingly
> (use 3rd party protocols ...)?

You mean, trust another entity, which might have been suborned? How are they
less likely to have produced something without backdoors than the IETF?

Noel