[cryptography] open letter to Phil Zimmermann and Jon Callas of Silent Circle, re: Silent Mail shutdown

Jon Callas jon at callas.org
Sat Aug 17 14:23:54 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Aug 17, 2013, at 10:41 AM, ianG <iang at iang.org> wrote:

> Apologies, ack -- I noticed that in your post.
> 
> (And I think for crypto/security products, the BSD-licence variant is more important for getting it out there than any OSI grumbles.)

Thanks. I agree with your comments in other parts of those notes that I removed about issues with open versus closed source. I often wish I didn't believe in open source, because the people doing closed source get much less flak than we do.

> Ah ok.  Will they be writing an audit report?  Something that will give us trust that more people are sticking their name to it?

I get regular audit reports, and have since last fall. :-)

I haven't been putting them out because it felt like argument from authority. Hey, don't audit this yourself, trust these guys!

Moreover, those reports are guidance we have from an independent party on what to do next. I want those to be raw and unvarnished. If they're going to get varnished, I lose guidance and I also lose speed. A report that's made for the public is definitionally sanitized. I don't want to encourage sanitizing.

It's a hard problem. I understand what you want, but my goal is to provide a good service, not a good report.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: iso-8859-1

wj8DBQFSD7+7sTedWZOD3gYRAtF4AJ4+feoP9wGq6s1Zni9ZhS6aiJx1YwCgwOiy
GHaj1lPMi8gBm3XDSvorr9U=
=HWhT
-----END PGP SIGNATURE-----

