[If people don't want to see more of this debate, let me know]

>For security critical things (everything from HSM's to barbie dolls
>nowadays), we want a small core-team of developers and a large audience
>(something in the order of magnitude of at least 100) of people who can audit
>it.

You need to distinguish though between "can audit" and "will audit". If you want to create the presumption of auditability then by all means use some sort of open format. However, if existing practice is anything to go by, no-one will ever audit the code. They may glance through it (which is how some existing bugs were found, both the PGP and GPG bugs were found more or less by accident), but it'll never get audited unless you pay a third party to do it (in which case they will presumably have whatever tools are needed for the job). It just doesn't seem like a good idea to constrain the developers into using inferior tools in order to accommodate an event that will almost certainly never happen.

Peter.
_______________________________________________
Tech mailing list
[email protected]
https://lists.cryptech.is/listinfo/tech
