[Info-vax] [OT] Zero trust software, was: Re: Rethinking DECNET ?
Bill Gunshannon
bill at server3.cs.scranton.edu
Tue Sep 2 11:04:45 EDT 2014

In article <lu0db2$632$3 at dont-email.me>,
Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
> On 2014-08-31, johnwallace4 at yahoo.co.uk <johnwallace4 at yahoo.co.uk> wrote:
>>
>> Then a few years later there was the emergence of the business and
>> consumer Internet, with lots of people wanting connectivity and none
>> really wanting to pay much for it, or realising the implications of
>> doing it badly/on the cheap. What's the answer back then, from an ISP
>> point of view? RFCs, zero-cost software (largely starting with zero
>> trust too) and hence we now have an IP-centric world full of spam
>> and other such delights.
>>
>
> The zero trust comment is interesting, post-Snowden.
>
> Given some of the things which have been going on, how do you know
> closed source software from American (or British) companies is free
> of backdoors ?

Or Russian? Or Chinese? And the list goes on and on and on.
Remember reading about how VeriSign gave keys to the NSA? I remember
asking people over 10 years ago why I, or anyone, should trust their
certificates over self-signed ones.

>
> And before you think that's paranoia, don't forget about the issues
> around RSA.

And VeriSign.

>
> At least with open source software, you stand a chance to audit it.
> Yes great big security holes leak through undetected (Heartbleed, I'm
> looking at you) but at least you stand a chance.
>
> Do you have the same chance with closed source software ?

Open SSL?

bill
--
Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
billg999 at cs.scranton.edu | and a sheep voting on what's for dinner.
University of Scranton |
Scranton, Pennsylvania | #include <std.disclaimer.h>