[Cryptography] EFF amicus brief in support of Apple
Perry E. Metzger
perry at piermont.com
Sun Mar 6 10:33:07 EST 2016
On Sat, 5 Mar 2016 15:23:18 -0500 grarpamp <grarpamp at gmail.com> wrote:
> You compute hardware should be completely open.
> You compute software should be completely open.
> You should fuse your own keys into your own hardware
> for software builds you reproducibly build sign and install
> yourself from distributed opensource software.
There's no way the average person can build their own software from
source, and if they could, it still wouldn't say anything interesting
about the security of the overall system. Indeed, it likely would
*reduce* the security of the average system that still existed, though
of course in practice security would rise since no one would be
performing attacks for money any more since only one in every 5000
people would have a computer.
The tenor of such comments is always "there's a silver bullet here,
and it is open systems". Well, no, sadly, there are no silver
bullets. Security is hard, and remains (sadly) a set of trade-offs
between alternatives that are often quite mediocre. Regardless,
forcing your 80 year old grandfather who used to be a chef to audit a
few million lines of source code, compile them, and load them onto
his phone before he can make a phone call isn't going to help
anything at all.
Perry
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list