[Cryptography] New free TLS CA coming

Eric Mill eric at konklone.com
Wed Nov 19 01:45:27 EST 2014


On Tue, Nov 18, 2014 at 9:56 PM, Salz, Rich <rsalz at akamai.com> wrote:

> > What the hell does that mean? "As much as possible" sounds to me like
> > "not everything".
>
> Yes, it means that ISRG will not commit to making every single bit of
> source available. For example, the system might use a RAID disk whose
> controller is private source. Or it might use a tamper-proof HSM where the
> vendor does not give out the source.  And for most of the people in the
> world, that will be okay.  But one or two with loud voices will complain
> "you promised to give all the source."
>
> So ISRG is setting realistic and achievable goals.
>

Totally with you. Since that's the case, even a small sentence tweak to add
an "e.g. HSM firmware" might help steer people's brains onto the good-faith
track as they read it.

I was touring over the GitHub organization for /letsencrypt, and it was
missing code for the server. I emailed someone on the project about whether
it would be open sourced and they said yes. Like of course.

EFF's apparently been working on this (in the dark) since May 2012, when it
was originally specced out as the "Chocolate protocol":

https://github.com/letsencrypt/lets-encrypt-preview/commit/a07e36e1d1b6c5d948cbf490656f21e165154dc6

EFF sure enjoys making the biggest media splash possible, but it's
impossible to imagine EFF and Mozilla working on anything where the core
components that *they* write on a security system aren't open source.

If LE works, it's going to radically transform the CA landscape, and it
will do it through open source and principled protocol design.

> Sometimes the attitudes expressed by colleagues in my field depress me.
>

The work done by some of my colleagues in my field awes me.

-- Eric


>         /r$
>
> --
> Principal Security Engineer, Akamai Technologies
> IM: rsalz at jabber.me Twitter: RichSalz
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>



-- 
konklone.com | @konklone <https://twitter.com/konklone>