Re: Reasonable proposal for migrating to 2.0

In message <CABkgnnVJG0JuT+cfB5eDMCrbSOfWroNg2Bp_PVWS8boevBoBQA@mail.gmail.com>
, Martin Thomson writes:
>On 17 November 2013 14:51, Willy Tarreau <w@1wt.eu> wrote:
>>> For closed source browsers
>>> of US origin, there's no telling what they can or will tell the user
>>> or what relationship that might have with the truth.
>>
>> You can say the same about their TLS libs anyway, so that's not an
>> issue we can cover using a protocol.
>
>It's not like you could say... check or anything.  Given that it only
>takes one reasonably-aware user to discover a lie, I don't think a
>closed source browser is really going to take those sorts of risks.

I think your game-theory calculus is wrong.

Your one "reasonably-aware" user can indeed spend his time disassembling
a closed source browser, and audit the rather hard to read and
understand result for security "features".

And he also needs to disassemble the entire kernel as well, in order
to be sure the brower you disassembled is the one getting actually
getting executed.

... or he can grab an open-source browser and audit the source code and
compile it himself.

Guess what:  I have yet to hear about anybody who did the former
massive amount of work, who were not looking to gain a competitive
advantage in the browser-attack business.

So no, Ken Thompson is still spot on:  The Question of Trusting Trust
is still unanswerable.


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Monday, 18 November 2013 07:53:50 UTC