[cryptography] Silent Circle Takes on Phones, Skype, Telecoms

shawn wilson ag4ve.us at gmail.com
Fri Jul 11 01:42:12 EDT 2014

On Thu, Jul 10, 2014 at 10:52 PM, Tony Arcieri <bascule at gmail.com> wrote:
> On Thu, Jul 10, 2014 at 4:45 PM, John Young <jya at pipeline.com> wrote:
>> This is the comsec dilemma. If a product or system becomes mainstream
>> it is more likely to be overtly and/or covertly compromised.

I don't find this a dilemma - I don't use immature projects because
they haven't had time to prove themselves and get stress tested. I like
the idea of LibreSSL but won't use it for at least 3 years (if it
gains traction).

> Clearly OpenSSL is a great demonstration that many eyes don't make
> bug(door?)s shallow, but if the source is available, it's certainly
> something that can be used to build trust in a system.

I don't think that's a good example at all. I think OpenSSL's issue is
feature bloat without enough time for code audits.

