[Cryptography] New free TLS CA coming

Hanno Böck hanno at hboeck.de
Wed Nov 19 07:51:03 EST 2014


On Tue, 18 Nov 2014 21:56:37 -0500,
"Salz, Rich" <rsalz at akamai.com> wrote:

> Yes, it means that ISRG will not commit to making every single bit of
> source available. For example, the system might use a RAID disk whose
> controller is private source. Or it might use a tamper-proof HSM
> where the vendor does not give out the source.  And for most of the
> people in the world, that will be okay.  But one or two with loud
> voices will complain "you promised to give all the source."
> 
> So ISRG is setting realistic and achievable goals.

Sorry, my initial mail probably sounded more rude than it was meant.
That explanation sounds reasonable, it was just some "hu, what do they
mean with that?" moment when I read the webpage. Probably some
explanation on the webpage would be a good idea.

However, as I already implied in the other part of this thread: I'd
strongly suggest, if the choice is between an "open, verifiable
source code controllable HSM" and "has some fancy certification with
questionable security value", to choose the open solution.

(every time I hear FIPS and common criteria certified I have to think
about this story:
http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-government-certified-smartcards-makes-forgery-a-snap/
)

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42