[governance] Maybe something good might come out of all of this

Carlos A. Afonso ca at cafonso.ca
Tue Jul 23 07:47:00 EDT 2013


OK, educating people -- we propose this every time we confront a
complicated issue like this. And the result will unfortunately retain
the vulnerabilities, since people are actual humans with diverse
understandings, behaviors, commitments etc.

The same vulnerabilities which might happen with an effort to create an
independent certifier... But should we then throw everything away and
just go plant tomatoes (or, in Europe, apples)?

--c.a.

On 07/23/2013 07:40 AM, Daniel Kalchev wrote:
> 
> On 23.07.13 13:22, Carlos A. Afonso wrote:
>> There should be a way to do independent certification.
> 
> Like there is today, with proprietary code?
> 
> What good is a certification, when the certifying party has received an
> GAG order from some three letter agency? Or the certification party is
> corrupt?
> 
> There is no escaping this, as long as a "government agency" has
> superpowers.
> 
> Also, about Open Source: remember the claims that NSA has planted
> backdoors in the IPSEC implementation in OpenBSD?
> 
> My take on all this is that security does not happen because we mandate
> everyone uses certain code -- as this is exactly the path to having that
> code compromised. Security comes from educating people that it is all in
> their very own hands and that nobody, no Government, no civil society
> organization, nobody but they themselves can secure their own life.
> 
> Sorry to pour this much cold water :)
> 
> Daniel
> 
>>
>> --c.a.
>>
>> On 07/23/2013 07:20 AM, Norbert Bollow wrote:
>>> Ian Peter <ian.peter at ianpeter.com> wrote:
>>>
>>>> You would know that you started with a verified backdoor-free
>>>> hardware platform.
>>> Ok, so let's say that there is verified backdoor-free source code for a
>>> chip and a company that claims to produce chips corresponding to that
>>> source code.
>>>
>>> How can that claim be independently verified by third parties?
>>>
>>> Greetings,
>>> Norbert
>>>
> 
> 

-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list