[FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
rsimmons0 at gmail.com
Tue Sep 24 00:00:43 UTC 2013
Any contribution from a company like Verisign needs to be carefully
scrutinized. I also don't think it wise to allow them to take a
leadership role of any type.
On Mon, Sep 23, 2013 at 4:29 PM, Michael Powell <nightrecon at hotmail.com> wrote:
> Brett Glass wrote:
>> It's good to see corporate support of BSD, but at the same time I
>> have mixed feelings about certain corporations -- Verisign among
>> them -- hosting BSD-related conferences or becoming involved in the
>> development of BSD-based operating systems. Why? Because Verisign,
>> based in Reston, Virginia (the city next door to Vienna, VA, home
>> of the NSA), has strong ties to this shadowy agency.
> No. I used to work right down the street from Network Solutions (now known
> as Verisign) in Herndon. Indeed, I had job offerings from them but felt I was
> better off to stay where I was. The NSA is headquartered at Ft Meade, near
> Columbia in Maryland. I worked there for 8 years? The CIA headquarters is in
> Mclean, Virgina, which is right next door to Vienna. Reston/Herndon is a few
> miles down the Dulles Toll Rd to the west. I've been to all these places, so
> this is not some MapQuest google for me.
>> The NSA, in
>> turn -- as reported in documents recently leaked by Edward Snowden
>> -- has a very strong interest in weakening the security of
>> cryptographic algorithms, cryptographic software, and operating
>> systems. We may want to look this gift horse very carefully in the
>> mouth, or at least monitor very closely "contributions" of code
>> that might introduce backdoors or weaknesses.
> On some level I agree with this - to a point. Examine how the NSA maneuvered
> the NIST to approve and mandate the FIPS-140 protocols, where deeply
> concealed was a known weak prng. To some of us this is not news - we've
> known it for a long time. Arguments of pro vs con, good vs evil, ad
> infinitum ad nauseum, etc, are better served in a different venue.
> It is so much easier to get away with concealing such things inside the
> closed-source paradigm. What I like and admire with open source is the code
> is out there in public for all to examine. These truly arcane crypto stuffs
> operate at such a high level of mathematical complexity that even very
> highly skilled cryptographer/mathematicians argue amongst themselves.
> I am just not that smart, or that highly educated. There are some in the
> open source community who do have very large propellers on their beanie
> caps. I defer to them simply because they are smarter then me. I would trust
> them long before I would trust closed source.
> I agree about the 'looking the gift horse in the mouth' concept. Bear in
> mind, however, some of the guys at NIST are pretty smart too. And yet this
> FIPS-140/prng stuff went right by them. My suggestion is for FreeBSD (indeed
> open source in general) to try and engage, include, and attract to the
> community the kinds of elite mathematician who may have the facilities to
> examine the code at a higher level than can dummies like me.
> Whenever The Citadel wants the public to fixate on any one particular
> brouhaha I know they are trying to get everyone looking in a particular
> direction whilst they are pulling something else. Verisign may very well
> have some other obfuscated agenda. Take a step backwards and try to obtain
> some view of the bigger picture (hint). Will not elaborate here, even though
> I do have some crackpot ideas.
> I find it highly ironic:
> I got no end of amusement from this. Just my $ 0.02.
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions