Eddy Nigg wrote: >Nelson wrote: >> Now, in contrast to that, I have been led to believe that Skype's: >> - protocols, security designs and parameters are proprietary, secret, have >> not been openly published, and thus not subjected to public scrutiny >> - components are all proprietary. Their clients only interoperate with their >> servers and their other clients. It's a closed system, as far as I know. >> - security claims are not independently verifiable by those who have no >> economic interest in keeping unfavorable findings secret
>Nelson, you know what truly amazes me? That people like Ian actually >promote a closed, proprietary source and proprietary standards, >unaudited and secretive model of a commercial vendor who's product locks >in its users and who's security model is highly questionable. All this >in order to bash PKI, CAs and digital certificates. I wonder if this has >something to do with a certain CA not being included in NSS? I doubt that Ian promotes the things you claim he does. I believe that he as well as I see a problem with the alternatives since they are way off in terms of users. That there should be as you claim mainly a "UI problem" is an opinion that has some support in the literature ("Jonny can't encrypt"), but I feel that it is much deeper than that; security should probably as in the case of Skype be transparent, not needing any UI at all. I start Skype and that's about it. We can probably not get much further on this thread except that we violently disagree on for example the importance of S/MIME. I will continue with my mobile phone stuff because the "container" issue isn't solved either. Anders _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto