ietf
[Top] [All Lists]

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

2013-09-07 08:12:49
On 7 sep 2013, at 14:33, Jorge Amodio <jmamodio(_at_)gmail(_dot_)com> wrote:

And who certify such agencies ?

Today the governments, and by mutual cooperation.

That said, I think we need a generic way to have oversight over _any_ process. 
Including oversight where the review is done under NDA.

In many countries that kind of oversight is by having (for example in Sweden) 
the Parliament appoint an independent body that do have insight in the police 
wiretap orders. Is that good enough? I do not know.

But that is sort of my point. If we manage to design how to ensure things are 
done as they are announced, then we have solved many of the problems.

   Patrik

-J

On Sat, Sep 7, 2013 at 1:24 AM, Patrik Fältström <paf(_at_)frobbit(_dot_)se> 
wrote:


We do have a program in the world called Common Criteria. That certification 
program includes CCRA (CC Recognition Agreement) that implies that countries 
that run certification agencies agree that what is certified in one country 
by one such certification agency is also viewed as certified in all countries.



<Prev in Thread] Current Thread [Next in Thread>