[Cryptography] Moving forward on improving HTTP's security

[Faré]

On Tue, Nov 19, 2013 at 10:52 PM, Bear <bear at sonic.net> wrote:
> Honestly, I think the best we can do for secure crypto devices is
> to develop and publish schematics and parts shopping guides for
> build-your-own kits.  Along with parts testing guides and software
> so you can be absolutely sure each component of the device is doing
> exactly what it's supposed to do.
>
I don't think we're there yet, but eventually we will be.

Trustable computing is computing that possesses an auditable bootstrap
path from trustable sources. That is why efforts like those of Alan
Kay, Ian Piumarta, etc., or the DARPA CRASH-SAFE program, matter.

Of course, in the next step of the trust war, to avoid overly easy
pattern recognition and subversion of the initial bootstrap elements,
you need not just a fixed schematics, but a random generator of
schematics that are equivalent at a high-level, but hard to recognize
and latch on at a low-level, thereby making a recognizer hard to hide
in the lower-level substrate that you're building upon. Happily, we're
not that far along the arms race yet.

The race has no end.

—♯ƒ • François-René ÐVB Rideau •Reflection&Cybernethics• http://fare.tunes.org
Be who you are and say what you feel, because those who mind don't matter
and those who matter don't mind.  — Dr. Seuss