leaving aside the more wide-eyed comments in this thread...


On 15/09/13 03:05 AM, coderman wrote:

> apply defense in depth, and pair cleared individual work product with
> a scrutinizer not so encumbered.  call it peer review across trust
> boundaries. it is mandatory!


Indeed. Your conclusion might be as above -- all conflicted contributors must be paired with a non-conflicted contributor.

However, I would caution that (my) experience shows that you also need a process to ask the implicit questions that allow the conclusion to be reached. This is not as easy as it sounds, but it is doable.



> unfortunately the budgets, skill, and other resources available
> outside of five eyes and their industry partners are significantly
> smaller...


Right.  We likely cannot stop the focussed, resourced-up direct attack.

But, there are things that can be done to deal with the PRISM attack. As an aside, the system that CAcert uses bears study, we did a good job, and we dealt with the PRISM attack (so says I). At least, I suggest that it can be done, something can be done, and there is hope that a reasonable solution can be found -- for the ultimate benefit of all.



iang


ps; I'm writing up the CAcert experiences, amongst 100 other tasks, therefore slow work.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
