[governance] Maybe something good might come out of all of this

[Daniel Kalchev]

On 23.07.13 13:22, Carlos A. Afonso wrote:
> There should be a way to do independent certification.

Like there is today, with proprietary code?

What good is a certification, when the certifying party has received an 
GAG order from some three letter agency? Or the certification party is 
corrupt?

There is no escaping this, as long as a "government agency" has superpowers.

Also, about Open Source: remember the claims that NSA has planted 
backdoors in the IPSEC implementation in OpenBSD?

My take on all this is that security does not happen because we mandate 
everyone uses certain code -- as this is exactly the path to having that 
code compromised. Security comes from educating people that it is all in 
their very own hands and that nobody, no Government, no civil society 
organization, nobody but they themselves can secure their own life.

Sorry to pour this much cold water :)

Daniel

>
> --c.a.
>
> On 07/23/2013 07:20 AM, Norbert Bollow wrote:
>> Ian Peter <ian.peter at ianpeter.com> wrote:
>>
>>> You would know that you started with a verified backdoor-free
>>> hardware platform.
>> Ok, so let's say that there is verified backdoor-free source code for a
>> chip and a company that claims to produce chips corresponding to that
>> source code.
>>
>> How can that claim be independently verified by third parties?
>>
>> Greetings,
>> Norbert
>>


-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t