From owner-freebsd-questions@FreeBSD.ORG Tue Sep 24 00:00:43 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 424F9791 for ; Tue, 24 Sep 2013 00:00:43 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-ea0-x22d.google.com (mail-ea0-x22d.google.com [IPv6:2a00:1450:4013:c01::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id D116022FF for ; Tue, 24 Sep 2013 00:00:42 +0000 (UTC) Received: by mail-ea0-f173.google.com with SMTP id g10so2093296eak.32 for ; Mon, 23 Sep 2013 17:00:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=sSenMS+FZQ3fMnV7EuAegBNWz4H301I3prBdMCxnKpw=; b=U8J5pvLw+DmuEBWMYLELio1EIaVSjEmCihdyzFAoBOQwru2pwNWTRexekxdlNdVWkk eWcjl4pJ8M8xAio8jqY9QcI8JX3RlNZlRw5fiuoUY86eqP0a12pe7lQh3m+h/qeaRTb0 Cte8cx5U0rDifgryC80+Kok7c8VZw4ensq1m4amtANNwKJHQkDWFd+ckaKpOvKeVX6SN WeqvcJXs4oxwK2ZEg82DQ+71gpJ33NIQnpPpsT2yN6zdzYEHgClosYL5nDiwmHU8cReN V9u71TiJScb8C3kebBfOjCofXYnQbszeHN3BwkJmi2n5kA3uRy8zr4ZHNEHxgqiU2Dpu Hvew== MIME-Version: 1.0 X-Received: by 10.14.219.198 with SMTP id m46mr9299215eep.41.1379980841061; Mon, 23 Sep 2013 17:00:41 -0700 (PDT) Received: by 10.14.22.65 with HTTP; Mon, 23 Sep 2013 17:00:40 -0700 (PDT) In-Reply-To: References: <201309231851.MAA14047@mail.lariat.net> Date: Mon, 23 Sep 2013 20:00:40 -0400 Message-ID: Subject: Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days! From: Robert Simmons To: "freebsd-questions@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Sep 2013 00:00:43 -0000 Any contribution from a company like Verisign needs to be carefully scrutinized. I also don't think it wise to allow them to take a leadership role of any type. On Mon, Sep 23, 2013 at 4:29 PM, Michael Powell wrote: > Brett Glass wrote: > >> All: >> >> It's good to see corporate support of BSD, but at the same time I >> have mixed feelings about certain corporations -- Verisign among >> them -- hosting BSD-related conferences or becoming involved in the >> development of BSD-based operating systems. Why? Because Verisign, >> based in Reston, Virginia (the city next door to Vienna, VA, home >> of the NSA), has strong ties to this shadowy agency. > > No. I used to work right down the street from Network Solutions (now known > as Verisign) in Herndon. Indeed, I had job offerings from them but felt I was > better off to stay where I was. The NSA is headquartered at Ft Meade, near > Columbia in Maryland. I worked there for 8 years? The CIA headquarters is in > Mclean, Virgina, which is right next door to Vienna. Reston/Herndon is a few > miles down the Dulles Toll Rd to the west. I've been to all these places, so > this is not some MapQuest google for me. > >> The NSA, in >> turn -- as reported in documents recently leaked by Edward Snowden >> -- has a very strong interest in weakening the security of >> cryptographic algorithms, cryptographic software, and operating >> systems. We may want to look this gift horse very carefully in the >> mouth, or at least monitor very closely "contributions" of code >> that might introduce backdoors or weaknesses. > > On some level I agree with this - to a point. Examine how the NSA maneuvered > the NIST to approve and mandate the FIPS-140 protocols, where deeply > concealed was a known weak prng. To some of us this is not news - we've > known it for a long time. Arguments of pro vs con, good vs evil, ad > infinitum ad nauseum, etc, are better served in a different venue. > > It is so much easier to get away with concealing such things inside the > closed-source paradigm. What I like and admire with open source is the code > is out there in public for all to examine. These truly arcane crypto stuffs > operate at such a high level of mathematical complexity that even very > highly skilled cryptographer/mathematicians argue amongst themselves. > > I am just not that smart, or that highly educated. There are some in the > open source community who do have very large propellers on their beanie > caps. I defer to them simply because they are smarter then me. I would trust > them long before I would trust closed source. > > I agree about the 'looking the gift horse in the mouth' concept. Bear in > mind, however, some of the guys at NIST are pretty smart too. And yet this > FIPS-140/prng stuff went right by them. My suggestion is for FreeBSD (indeed > open source in general) to try and engage, include, and attract to the > community the kinds of elite mathematician who may have the facilities to > examine the code at a higher level than can dummies like me. > > Whenever The Citadel wants the public to fixate on any one particular > brouhaha I know they are trying to get everyone looking in a particular > direction whilst they are pulling something else. Verisign may very well > have some other obfuscated agenda. Take a step backwards and try to obtain > some view of the bigger picture (hint). Will not elaborate here, even though > I do have some crackpot ideas. > > I find it highly ironic: > > http://en.wikipedia.org/wiki/Snowden_%28character%29#Snowden > > I got no end of amusement from this. Just my $ 0.02. > > -Mike > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"