ietf
[Top] [All Lists]

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

2013-09-06 17:03:23
How about a BCP saying conforming implementations of a wide-variety of
security-area RFCs MUST be open-source?

*ducks*


On Fri, Sep 6, 2013 at 2:34 PM, David Conrad <drc(_at_)virtualized(_dot_)org> 
wrote:

On Sep 6, 2013, at 2:06 PM, Måns Nilsson 
<mansaxel(_at_)besserwisser(_dot_)org>
wrote:
Right, because there's no way the NSA could ever pwn the DNS root key.
It is probably easier for NSA or similar agencies in other countries
to coerce X.509 root CA providers that operate on a competetive market
than fooling the entire international DNS black helicopter cabal.

Probably the wrong place to apply the paranoia. How much do you trust the
AEP Keyper HSM tamperproof blackbox hasn't had a backdoor installed into it
at the factory?

Audit and open source seem to be good starting points.

Where feasible, sure. Unfortunately, the rabbit hole is deep.  How many
billions of transistors are there in commodity chips these days?

Regards,
-drc


<Prev in Thread] Current Thread [Next in Thread>