[Cryptography] Advice and feedback on our crypto software audits

[Tom Mitchell]

On Thu, Feb 20, 2014 at 7:41 AM, David Dahl <ddahl at nulltxt.se> wrote:

> Good Morning Crypto and Privacy Enthusiasts,
>
> [X-posted to randombit, metzdowd and liberation-tech]
>
  ;-(


>
> I'd like to solicit feedback from the crypto/privacy community on
> development procedures for bringing a new cryptography product to market in
> a responsible manner with sufficient review and vetting of its design and
> security claims.

.......snip...

>
> David Dahl
>
>
Apple and Google have both published security models and plans.
The Apple models is quite good...

Both are available on the web.

Anything you do must live in these worlds.

One tangle I see is applications that communicate with home
via strong encrypted channels can deliver anything.

My preference is that only authentication be strongly encrypted....
The data seen locally and transmitted should be audible.



-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140221/6fe95437/attachment.html>