Ian, Previously in this thread, you wrote:
> For me, the purpose of this debate is finding out what users can expect from > Mozilla by way of security. The answers to that quest probably include these properties: - open, openly specified, not secret, - inner workings subjected to public scrutiny. - security claims independently verifiable - interoperability with products from other sources is desired, not avoided - interoperability with products from other sources is based on standards compliance - not proprietary specifications controlled solely by Mozilla Now, in contrast to that, I have been led to believe that Skype's: - protocols, security designs and parameters are proprietary, secret, have not been openly published, and thus not subjected to public scrutiny - components are all proprietary. Their clients only interoperate with their servers and their other clients. It's a closed system, as far as I know. - security claims are not independently verifiable by those who have no economic interest in keeping unfavorable findings secret I suspect that part of the reason you look so favorably on Skype is precisely that its security claims have NOT been subjected to public scrutiny. I think you tend to give them the benefit of a (very large) doubt. In the absence of published faults in their technology, in your debates it seems you tend to treat that technology as flawless, which gives them an advantage that no openly specified system can ever have. I believe you will not get Mozilla or its community members interested in developing a solution that requires that - all clients and all servers come from Mozilla, - protocol specifications, source code, and other technologies be kept secret - security claims must be taken on faith. Consequently, I think there's little to be gained by continuing to hold Skype up as a shining example in this list/group. So, please don't keep flogging us with praise for Skype or other systems that are antithetical to the values of the open-source community. Thanks. /Nelson (speaking only for myself, as always) _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
