Ian,

Previously in this thread, you wrote:

> For me, the purpose of this debate is finding out what users can expect from
> Mozilla by way of security.

The answers to that quest probably include these properties:
- open, openly specified, not secret,
- inner workings subjected to public scrutiny.
- security claims independently verifiable
- interoperability with products from other sources is desired, not avoided
- interoperability with products from other sources is based on standards
compliance - not proprietary specifications controlled solely by Mozilla

Now, in contrast to that, I have been led to believe that Skype's:
- protocols, security designs and parameters are proprietary, secret, have
not been openly published, and thus not subjected to public scrutiny
- components are all proprietary.  Their clients only interoperate with their
servers and their other clients.  It's a closed system, as far as I know.
- security claims are not independently verifiable by those who have no
economic interest in keeping unfavorable findings secret

I suspect that part of the reason you look so favorably on Skype is
precisely that its security claims have NOT been subjected to public
scrutiny.  I think you tend to give them the benefit of a (very large) doubt.
In the absence of published faults in their technology, in your debates
it seems you tend to treat that technology as flawless, which gives them an
advantage that no openly specified system can ever have.

I believe you will not get Mozilla or its community members interested in
developing a solution that requires that
- all clients and all servers come from Mozilla,
- protocol specifications, source code, and other technologies be kept secret
- security claims must be taken on faith.

Consequently, I think there's little to be gained by continuing to hold
Skype up as a shining example in this list/group.  So, please don't keep
flogging us with praise for Skype or other systems that are antithetical
to the values of the open-source community.

Thanks.

/Nelson (speaking only for myself, as always)
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
