Date: Mon, 23 Sep 2013 20:00:40 -0400 From: Robert Simmons <rsimmons0@gmail.com> To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days! Message-ID: <CA%2BQLa9Azu8cF1N53WMkOomK=m=imLhMsqi7XrhD%2BL%2BdRJY5CSA@mail.gmail.com> In-Reply-To: <l1q8b0$9co$1@ger.gmane.org> References: <CE65ABAF.125A5%vmiller@verisign.com> <201309231851.MAA14047@mail.lariat.net> <l1q8b0$9co$1@ger.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Any contribution from a company like Verisign needs to be carefully scrutinized. I also don't think it wise to allow them to take a leadership role of any type. On Mon, Sep 23, 2013 at 4:29 PM, Michael Powell <nightrecon@hotmail.com> wrote: > Brett Glass wrote: > >> All: >> >> It's good to see corporate support of BSD, but at the same time I >> have mixed feelings about certain corporations -- Verisign among >> them -- hosting BSD-related conferences or becoming involved in the >> development of BSD-based operating systems. Why? Because Verisign, >> based in Reston, Virginia (the city next door to Vienna, VA, home >> of the NSA), has strong ties to this shadowy agency. > > No. I used to work right down the street from Network Solutions (now known > as Verisign) in Herndon. Indeed, I had job offerings from them but felt I was > better off to stay where I was. The NSA is headquartered at Ft Meade, near > Columbia in Maryland. I worked there for 8 years? The CIA headquarters is in > Mclean, Virgina, which is right next door to Vienna. Reston/Herndon is a few > miles down the Dulles Toll Rd to the west. I've been to all these places, so > this is not some MapQuest google for me. > >> The NSA, in >> turn -- as reported in documents recently leaked by Edward Snowden >> -- has a very strong interest in weakening the security of >> cryptographic algorithms, cryptographic software, and operating >> systems. We may want to look this gift horse very carefully in the >> mouth, or at least monitor very closely "contributions" of code >> that might introduce backdoors or weaknesses. > > On some level I agree with this - to a point. Examine how the NSA maneuvered > the NIST to approve and mandate the FIPS-140 protocols, where deeply > concealed was a known weak prng. To some of us this is not news - we've > known it for a long time. Arguments of pro vs con, good vs evil, ad > infinitum ad nauseum, etc, are better served in a different venue. > > It is so much easier to get away with concealing such things inside the > closed-source paradigm. What I like and admire with open source is the code > is out there in public for all to examine. These truly arcane crypto stuffs > operate at such a high level of mathematical complexity that even very > highly skilled cryptographer/mathematicians argue amongst themselves. > > I am just not that smart, or that highly educated. There are some in the > open source community who do have very large propellers on their beanie > caps. I defer to them simply because they are smarter then me. I would trust > them long before I would trust closed source. > > I agree about the 'looking the gift horse in the mouth' concept. Bear in > mind, however, some of the guys at NIST are pretty smart too. And yet this > FIPS-140/prng stuff went right by them. My suggestion is for FreeBSD (indeed > open source in general) to try and engage, include, and attract to the > community the kinds of elite mathematician who may have the facilities to > examine the code at a higher level than can dummies like me. > > Whenever The Citadel wants the public to fixate on any one particular > brouhaha I know they are trying to get everyone looking in a particular > direction whilst they are pulling something else. Verisign may very well > have some other obfuscated agenda. Take a step backwards and try to obtain > some view of the bigger picture (hint). Will not elaborate here, even though > I do have some crackpot ideas. > > I find it highly ironic: > > http://en.wikipedia.org/wiki/Snowden_%28character%29#Snowden > > I got no end of amusement from this. Just my $ 0.02. > > -Mike > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BQLa9Azu8cF1N53WMkOomK=m=imLhMsqi7XrhD%2BL%2BdRJY5CSA>