On 17/08/13 00:46 AM, Zooko Wilcox-OHearn wrote:
... This was
demonstrated in the Hushmail case in which the U.S. DEA asked Hushmail
(a Canadian company) to turn over the plaintext of the email of one of
its customers. Hushmail complied, shipping a set of CDs to the DEA
containing the customer's
On 17/08/13 00:46 AM, Zooko Wilcox-OHearn wrote:
We're trying an approach to this problem, here at LeastAuthority.com,
of “*verifiable* end-to-end security”. For our data backup and storage
service, all of the software is Free and Open Source, and it is
distributed through channels which are
On Sat, 17 Aug 2013 12:30:40 +0300
ianG i...@iang.org wrote:
This was always known as the weakness of the model. The operator
could simply replace the applet that was downloaded in every instance
with one that had other more nefarious capabilities. There were
thoughts and discussions about
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Aug 17, 2013, at 2:41 AM, ianG i...@iang.org wrote:
So back to Silent Circle. One known way to achieve some control over their
closed source replacement vulnerability is to let an auditor into their inner
circle, so to speak.
One correction
On 17/08/13 20:08 PM, Jon Callas wrote:
On Aug 17, 2013, at 2:41 AM, ianG i...@iang.org wrote:
So back to Silent Circle. One known way to achieve some control over their
closed source replacement vulnerability is to let an auditor into their inner
circle, so to speak.
One correction of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Aug 17, 2013, at 10:41 AM, ianG i...@iang.org wrote:
Apologies, ack -- I noticed that in your post.
(And I think for crypto/security products, the BSD-licence variant is more
important for getting it out there than any OSI grumbles.)
Il 8/17/13 7:08 PM, Jon Callas ha scritto:
On Aug 17, 2013, at 2:41 AM, ianG i...@iang.org wrote:
So back to Silent Circle. One known way to achieve some control
over their closed source replacement vulnerability is to let an auditor
into their inner circle, so to speak.
One correction of
On 17 August 2013 19:23, Jon Callas j...@callas.org wrote:
On Aug 17, 2013, at 10:41 AM, ianG i...@iang.org wrote:
Apologies, ack -- I noticed that in your post.
(And I think for crypto/security products, the BSD-licence variant is
more important for getting it out there than any OSI
On the somewhat tangential-to-cryptography topic of open versus
closed source, may I suggest that the metrics that address the
question are the classic ones that define availability: mean time
between failure (MTBF) and mean time to repair (MTTR). As you know,
you get 100% availability by
also posted here: https://leastauthority.com/blog/open_letter_silent_circle.html
This open letter is in response to the `recent shutdown of Lavabit`_ ,
the ensuing `shutdown of Silent Circle's “Silent Mail” product`_, `Jon
Callas's posts about the topic on G+`_, and `Phil Zimmermann's
interview
10 matches
Mail list logo