Eddy Nigg wrote, On 2008-12-05 04:48:
> On 12/05/2008 09:17 AM, Nelson Bolyard:
>> Ian,
>>
>> Now, in contrast to that, I have been led to believe that Skype's:
>> - protocols, security designs and parameters are proprietary, secret, have
>> not been openly published, and thus not subjected to public scrutiny
>> - components are all proprietary.  Their clients only interoperate with their
>> servers and their other clients.  It's a closed system, as far as I know.
>> - security claims are not independently verifiable by those who have no
>> economic interest in keeping unfavorable findings secret
> 
> Nelson, you know what truly amazes me? That people like Ian actually 
> promote a closed, proprietary source and proprietary standards, 
> unaudited and secretive model of a commercial vendor who's product locks 
> in its users and who's security model is highly questionable. All this 
> in order to bash PKI, CAs and digital certificates. I wonder if this has 
> something to do with a certain CA not being included in NSS?

I think Ian has a valid and interesting perspective to consider, which
(if I may attempt to summarize) is that, to the consumer who is not very
discerning in security matters, and who takes no side in the open/closed
source religious conflict as long as the software/service that he wants
is free or dirt cheap, a turn key product that appears to "work", and
that claims to have some security (whether real or not), is more attractive
than a product that claims moral high-ground on the open/closed battle
front, and may have security that appeals to nerds, but takes more effort to
learn and use.

I don't doubt that at all.  There's a reason why people keep paying for
Windows or MacOS rather than getting Linux for free.

My main point in that message to Ian was that, like it or not, Mozilla
is very much allied with the open source movement, and the newsgroups
and mailing lists that Mozilla sponsors are intended (I believe) to be
places for the people who want to see Mozilla's software succeed, within
its self-imposed boundaries (which I listed), to congregate, communicate,
(maybe) commiserate, and try to help one another succeed with Mozilla's
software.

I think this list is NOT the place for the debate over the superiority
of open vs. closed source software.  This is the open source locker room,
not the open/closed source battle field.

Now, if the discussion can be steered to how Mozilla's crypto can succeed at
becoming as popular as Skype may be, WITHOUT it having to resort to
- closed source,
- proprietary designs (restricted intellectual property),
- being a closed system with no interoperability,
that may be worthwhile for this forum, IMO.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to