On Tue, Sep 10, 2013 at 4:01 PM, Hannes Tschofenig < [email protected]> wrote:
> On 10.09.2013 22:37, Phillip Hallam-Baker wrote: > >> >> >> >> On Tue, Sep 10, 2013 at 3:30 PM, Hannes Tschofenig >> <[email protected] >> <mailto:hannes.tschofenig@gmx.**net<[email protected]>>> >> wrote: >> >> Open source is certainly only one market, although important in the >> security context when I think about all the libraries. >> >> Needless to say that many products are not open source and we would >> want to encourage them to get better as well (as we did with the >> IPv6 day). >> >> Maybe we need a "Crypto Day". >> >> >> My proposal is to turn 'PRISM-Proof' into a marketing seal for products >> and services that can demonstrate that they are free from intercept >> capabilities. >> > > I have no expertise with designing seals. What specifically would that > mean? Would a Webpage or a smart phone app show such a seal? Who would > verify it? Would there be some assessment? If so, by whom? Who would pay > for it? > Step one would be to establish a set of standards that PRISM-Proof tech would have to meet. For example a PRISM-Proof email scheme would have to meet the key generation criteria that I outlined and support S/MIME message format with some new key discovery mechanism with Certificate Transparency properties (spec to follow). The composition of a board to decide on the properties etc. is secondary since any such set of specs would have to meet the usability criteria and at least some of the tin foil hat criteria. -- Website: http://hallambaker.com/
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
