On Thu, Jul 10, 2014 at 4:45 PM, John Young <j...@pipeline.com> wrote:
> This is the comsec dilemma. If a product or system becomes mainstream > it is more likely to be overtly and/or covertly compromised. This is why it's important the client is open source, the binaries are reproducible, and the encryption is end-to-end. Silent Circle is halfway there: most of the source code is available, but last I heard not all the pieces were there and people weren't able to build it (perhaps that changed?) Clearly OpenSSL is a great demonstration that many eyes don't make bug(door?)s shallow, but if the source is available, it's certainly something that can be used to build trust in a system.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography