On Mon, 2 Sep 2013 13:14:00 -0700 "Christian Huitema" <huit...@huitema.net> wrote: > > > > Do we know they produced fake windows updates without > > > > assistance from Microsoft? > > > > > > Given the reaction from Microsoft, yes. > > > > > > The Microsoft public affairs people have been demonstrating real > > > anger at the Flame attack in many forums. > > > > But of course, sufficiently paranoid people might contend that > > perhaps the Microsoft people who complained might not have been > > briefed by the ones who cooperated. > > I would be very surprised if they had gotten any assistance from > Microsoft.
As would I. Not my wider point. My wider point is that the speculation is not helpful, and one probably wants to think about how to make things trustworthy even in the presence of bugs, adversaries who look like bugs for most viewpoints, etc. Paranoid speculation is useless, concrete discussion of threat models and how to address them is useful. (Thus why I mentioned things like typed assembly language as being a more productive topic than infinitely recursive paranoia. One can speculate endlessly on who is collaborating with whom without ever terminating, but robust threat models with technical solutions are something you can actually do something about.) Perry -- Perry E. Metzger pe...@piermont.com _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography