- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Mon, 18 Nov 2013 07:53:27 +0000
- To: Martin Thomson <martin.thomson@gmail.com>
- cc: Willy Tarreau <w@1wt.eu>, HTTP Working Group <ietf-http-wg@w3.org>
In message <CABkgnnVJG0JuT+cfB5eDMCrbSOfWroNg2Bp_PVWS8boevBoBQA@mail.gmail.com> , Martin Thomson writes: >On 17 November 2013 14:51, Willy Tarreau <w@1wt.eu> wrote: >>> For closed source browsers >>> of US origin, there's no telling what they can or will tell the user >>> or what relationship that might have with the truth. >> >> You can say the same about their TLS libs anyway, so that's not an >> issue we can cover using a protocol. > >It's not like you could say... check or anything. Given that it only >takes one reasonably-aware user to discover a lie, I don't think a >closed source browser is really going to take those sorts of risks. I think your game-theory calculus is wrong. Your one "reasonably-aware" user can indeed spend his time disassembling a closed source browser, and audit the rather hard to read and understand result for security "features". And he also needs to disassemble the entire kernel as well, in order to be sure the brower you disassembled is the one getting actually getting executed. ... or he can grab an open-source browser and audit the source code and compile it himself. Guess what: I have yet to hear about anybody who did the former massive amount of work, who were not looking to gain a competitive advantage in the browser-attack business. So no, Ken Thompson is still spot on: The Question of Trusting Trust is still unanswerable. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Monday, 18 November 2013 07:53:50 UTC