|
I concede your argument. I think the Linux kernel is fundamentally sound; that most computer troubles result from other elements -- stuff that's attached, one place or another. Mr. Torvalds is noted for being very fussy protecting his kernel; he's not going to allow anyone to merge a patch that has not been checked and approved. this doesn't mean an error can't sneak through; still Torvalds and company have been doing a good job in this regard. there was a very interesting article this morining on WaPo related to this; which also contains many interesting links, many regarding various trouble spots, treating the whole of the internet as the "Big Picture" . recognizing the hazzards inherrent in such a monumental construction as is the internet I think leads to a quest for simplification; and in this I think the proper approach is to address security in the endpoints. this wouldn't mean other areas should be ignored; rather it means that for most of us the end points are an area we can address I think the proper approach is to (1) use a secure operating system,, and (2) insist on proper authentication of transmittals. In the latter the concept of Public Key Encryption is critical as we now find ourselves operating in a compromised environent: our traditional identifications -- name, address, date of birth, social security number, finger prints, retina scans, dog's name etc -- are all "pwned" by DarkNet dealers . the interesting thing then is that where a secure O/S is available at the endpoint the Secret Key and Key Phrase required for public key encryption -- can be protected; and this is a necessary condition to making public key encryption effective. and by observation -- to providing reliable authentications in a compromised digital network environment with this in mind I hope you -- and the GnuPG folks -- will continue their excellent efforts to provide computer users with critically needed components. thanks for writing! On 07/15/2015 10:51 AM, Robert J. Hansen wrote: No, they're not. You're talking about a unicorn here. There is absolutely no operating system that meets this definition. To do this, the entire OS would need formal Floyd-Hoare proofs from soup to nuts.Some years ago there was a big hubbub at USENIX because someone (Felten?) had formally proved the correctness of an AES256 implementation. This was considered a heroic feat of hacking. The only problem was, nobody had formally proved the correctness of the Java virtual machine his AES256 code was running on, so in reality he'd proved nothing. It was seen as deeply inspiring and deeply Quixotic, all at once. -- /Mike |
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
