[Cryptography] Dumb idea: open-source hardware USB key for crypto

dan at geer.org dan at geer.org
Sat Jan 11 07:08:28 PST 2014


 >                         And just who is going to bring
 > the aforesaid open model upon this class of gear? So it's
 > +1 for spooks.

Yes and no.  Across the security parts of that government with
which I am familiar, the issues of which you are speaking are
deeply troubling -- they buy computers, too.  There is, indeed,
the strong mandate to use commercial off the shelf (COTS) goods
rather than government-only goods which, on balance, is a Very
Good Thing as perversion of the supply chain is thereby a common
enemy.  That all significant private firms are transnational is
likewise a Very Good Thing (at least in this context).  Naturally,
I have no access to whether the precise discussion taking place
in English here on these two lists is simultaneously taking place
in and around Beijing, Brussels, London, Moscow, and Tokyo, but
I would be surprised if it is not.

Put differently, all airlines share a joint interest in air safety
and none advertise that "our planes fall out of the sky less often
than theirs."  Because airplane crashes are not concealable, they
are studied and thus learned from.  Perhaps the policy you might
want to consider is mandated disclosure of computer failures
whether from attacks or from clumsiness.  Public health trumps
medical privacy should you turn up at hospital with smallpox or
the plague.  Peter Neumann's long-running RISKS digest is a small
mockup of what might well be a global need.  As with airlines and
the (US) National Transportation Safety Board, learning from events
is about all you can do once collective complexity is above that
level where further refinements of design are, at best, episodic.

--dan



