On 20 May 2013 17:35, Nico Williams <n...@cryptonector.com> wrote: > On Fri, May 17, 2013 at 6:06 AM, Ben Laurie <b...@links.org> wrote: >> On 17 May 2013 11:39, <d...@geer.org> wrote: >>> Trust but verify is dead. >> >> Maybe for s/w, but not everything: >> http://www.links.org/files/CertificateTransparencyVersion2.1a.pdf > > Which requires s/w. Infinite loop detected. > > :) > > More seriously, we can't detect all backdoors before using the > software, but at least we can fix the ones we find if we have > suitably-licensed source.
As I've mentioned before, you can use the transparency concept to at least verify that the s/w you are running is the same s/w as others are running (and hence have had a chance to verify). _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography