On Tue, Sep 10, 2013 at 6:22 PM, Paul Kyzivat <[email protected]> wrote:
> On 9/10/13 4:01 PM, Hannes Tschofenig wrote: > >> On 10.09.2013 22:37, Phillip Hallam-Baker wrote: >> >>> >>> >>> >>> On Tue, Sep 10, 2013 at 3:30 PM, Hannes Tschofenig >>> <[email protected] >>> <mailto:hannes.tschofenig@gmx.**net<[email protected]>>> >>> wrote: >>> >>> Open source is certainly only one market, although important in the >>> security context when I think about all the libraries. >>> >>> Needless to say that many products are not open source and we would >>> want to encourage them to get better as well (as we did with the >>> IPv6 day). >>> >>> Maybe we need a "Crypto Day". >>> >>> >>> My proposal is to turn 'PRISM-Proof' into a marketing seal for products >>> and services that can demonstrate that they are free from intercept >>> capabilities. >>> >> >> I have no expertise with designing seals. What specifically would that >> mean? Would a Webpage or a smart phone app show such a seal? Who would >> verify it? Would there be some assessment? If so, by whom? Who would pay >> for it? >> > > Me either. > ISTM that you need to convince the NSA to give out these seals. :-) > Anyone who could show that there was a vulnerability should be listened to. But as I pointed out to my government contacts, at this point it is clear that the NSA has completely failed at its mission to protect US government secrets. They have lax internal controls and people like Snowden have access way above their rank and need to know. So I would bet the information assurance side of NSA is actually quite interested in fixing their problem and the intercept side is going to be in so much confusion and disarray that they are unlikely to be in a position to influence matters for many years. -- Website: http://hallambaker.com/
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
