https://tools.ietf.org/html/rfc6973
This document offers guidance for developing privacy considerations
for inclusion in protocol specifications. It aims to make designers,
implementers, and users of Internet protocols aware of privacy-
related design choices. It suggests that whether any
A naive comment.
In his first email Zooko states:
S4 offers “*verifiable* end-to-end security” because all of the source
code that makes up the Simple Secure Storage Service is published for
everyone to see
A suspicious user may wonder, how can he be sure that the service
indeed uses the
Considering that it's designed to not trust the servers in the first
place (just your gateway, which often will be part of your own client
or otherwise run locally), it's not all too hard. If you've verified
the client, then you can be sure your data is secure.
2013/8/29 Nikos Fotiou
On 29/08/13 at 03:09pm, Nikos Fotiou wrote:
A suspicious user may wonder, how can he be sure that the service
indeed uses the provided source code. IMHO, end-to-end security can be
really verifiable--from the user perspective--if it can be attested by
examining only the source code of the
On Thu, Aug 29, 2013 at 02:44:37PM +0200, danimoth wrote:
On 29/08/13 at 03:09pm, Nikos Fotiou wrote:
A suspicious user may wonder, how can he be sure that the service
indeed uses the provided source code. IMHO, end-to-end security can be
really verifiable--from the user perspective--if it
On Sat, Aug 24, 2013 at 09:18:33PM +0300, ianG wrote:
I'm not convinced that the US feds can at this stage order the
backdooring of software, carte blanche. Is there any evidence of
that?
(I suspect that all their powers in this area are from pressure and
horse trading. E.g., the