
Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

2013-09-07 08:40:23
On Fri, Sep 6, 2013 at 6:02 PM, Tim Bray <tbray(_at_)textuality(_dot_)com> wrote:

> How about a BCP saying conforming implementations of a wide-variety of
> security-area RFCs MUST be open-source?
>
> *ducks*


And the user MUST compile them themselves from the sources?

Nobody runs open source (unless it's an interpreted language). They run the
compiled version, and there is no infrastructure to check up on the
compilation.

Nor does being open source provide any additional security, only review
provides security and it is hard enough getting people to review other
people's code when you pay them to do that. Expecting people to spend their
time reviewing other people's code for fun is naive. Kerberos had a major
architectural flaw that went unnoticed for over a decade.

-- 
Website: http://hallambaker.com/