On Sat, May 18, 2013 at 9:49 AM, Adam Back <a...@cypherspace.org> wrote: > On Fri, May 17, 2013 at 04:52:07AM -0400, bpmcontrol wrote: >> >> On 05/17/2013 04:19 AM, Eugen Leitl wrote: >>> >>> It is unreasonable for an closed source product by a commercial >>> vendor to go any other way [putting backdoors in security products] >> >> Makes perfect sense. as its sometimes required by law, >> other times required to keep the users safe or companies away from legal >> harm. > > Well that seems like a bold and controversial claim to me, maybe with its > own liability and legal implications! > > Would you expect microsoft IIS web server to contain an SSL backdoor? Or > microsoft VPN client? Or cisco? A lot of businesses and individuals are > relying on these things to do what is advertised. Not doing what is > advertised can itself get companies in trouble, in many jurisdictions. > Skype has/had as a differentiator that it was end2end encrypted, it is my > impression that a number of people used it for that purpose. Correct. It does not match a user's mental model; nor does it meet a user's expectations (to borrow from Dr. Gutmann).
Cisco is kind of an odd case since it advertises its backdoors. http://www.cisco.com/web/about/security/intelligence/LI-3GPP.html. Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography