On Sat, 29 May 2010, Chad Perrin wrote:
I talked to Moxie in #whispersystems today. He is *not* intending to release either RedPhone or TextSecure under the terms of an open source license. He only means to make it available under the terms of a license that allows *auditing* the source code. I find that pretty disappointing, but it's better (for security purposes) than just keeping the source code entirely under wraps (as long as you trust him to use the source you can actually audit in his distributed applications).
But what's in it for the auditors? If he does not want to play with the open source resources, why would the open source community help him out audit his code? There are perfectly fine auditors you can buy if you are a commercial company. I'm said he choose to go that way. As for redphone, I guess I just don't like the zphone "hack". I prefer a real protocol over a "hook into existing protocols" hack. And we have protocols that work fine for encrypting voice of streams. zphone is meant to "catch" proprietary sip implementations and encrypt them. If you start from scratch, you might as well just encrypt your sip stream. Paul _______________________________________________ OTR-users mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-users
