Eddy Nigg wrote, On 2008-12-05 04:48: > On 12/05/2008 09:17 AM, Nelson Bolyard: >> Ian, >> >> Now, in contrast to that, I have been led to believe that Skype's: >> - protocols, security designs and parameters are proprietary, secret, have >> not been openly published, and thus not subjected to public scrutiny >> - components are all proprietary. Their clients only interoperate with their >> servers and their other clients. It's a closed system, as far as I know. >> - security claims are not independently verifiable by those who have no >> economic interest in keeping unfavorable findings secret > > Nelson, you know what truly amazes me? That people like Ian actually > promote a closed, proprietary source and proprietary standards, > unaudited and secretive model of a commercial vendor who's product locks > in its users and who's security model is highly questionable. All this > in order to bash PKI, CAs and digital certificates. I wonder if this has > something to do with a certain CA not being included in NSS?
I think Ian has a valid and interesting perspective to consider, which (if I may attempt to summarize) is that, to the consumer who is not very discerning in security matters, and who takes no side in the open/closed source religious conflict as long as the software/service that he wants is free or dirt cheap, a turn key product that appears to "work", and that claims to have some security (whether real or not), is more attractive than a product that claims moral high-ground on the open/closed battle front, and may have security that appeals to nerds, but takes more effort to learn and use. I don't doubt that at all. There's a reason why people keep paying for Windows or MacOS rather than getting Linux for free. My main point in that message to Ian was that, like it or not, Mozilla is very much allied with the open source movement, and the newsgroups and mailing lists that Mozilla sponsors are intended (I believe) to be places for the people who want to see Mozilla's software succeed, within its self-imposed boundaries (which I listed), to congregate, communicate, (maybe) commiserate, and try to help one another succeed with Mozilla's software. I think this list is NOT the place for the debate over the superiority of open vs. closed source software. This is the open source locker room, not the open/closed source battle field. Now, if the discussion can be steered to how Mozilla's crypto can succeed at becoming as popular as Skype may be, WITHOUT it having to resort to - closed source, - proprietary designs (restricted intellectual property), - being a closed system with no interoperability, that may be worthwhile for this forum, IMO. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto