Eddy Nigg wrote:
>Nelson wrote:
>> Now, in contrast to that, I have been led to believe that Skype's:
>> - protocols, security designs and parameters are proprietary, secret, have
>> not been openly published, and thus not subjected to public scrutiny
>> - components are all proprietary. Their clients only interoperate with their
>> servers and their other clients. It's a closed system, as far as I know.
>> - security claims are not independently verifiable by those who have no
>> economic interest in keeping unfavorable findings secret
>Nelson, you know what truly amazes me? That people like Ian actually
>promote a closed, proprietary source and proprietary standards,
>unaudited and secretive model of a commercial vendor who's product locks
>in its users and who's security model is highly questionable. All this
>in order to bash PKI, CAs and digital certificates. I wonder if this has
>something to do with a certain CA not being included in NSS?
I doubt that Ian promotes the things you claim he does.
I believe that he as well as I see a problem with the alternatives
since they are way off in terms of users.
That there should be as you claim mainly a "UI problem" is an opinion
that has some support in the literature ("Jonny can't encrypt"),
but I feel that it is much deeper than that; security should probably
as in the case of Skype be transparent, not needing any UI at all.
I start Skype and that's about it.
We can probably not get much further on this thread except that we
violently disagree on for example the importance of S/MIME.
I will continue with my mobile phone stuff because the "container"
issue isn't solved either.
Anders
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
